
"Invalid Picture" pop up virus

Discussion in 'Virus & Other Malware Removal' started by chimaykaren, Nov 6, 2005.

Thread Status:
Not open for further replies.
  1. chimaykaren

    chimaykaren Thread Starter

    Joined:
    Nov 6, 2005
    Messages:
    23
    I am wondering if anybody has any advice about what I can do...this pop-up virus will not let me run HJT, or install or uninstall anything. I can't uninstall old virus protection software to reinstall newer versions, for example. The pop-ups escalate in number/frequency as time passes in whatever application I am trying to run. I have gone to Symantec to try to get the appropriate virus download removal, but since I don't know the name of this thing, it's been hit and miss, and nothing is working so far. How can I find out: #1. what it is called, and then obviously, #2. remove it. It has slowed my computer down to the point where I can barely do anything. Also, once the pop-ups have ballooned all over the page, it then puts out a "can't quit" pop-up that prevents me from properly closing down Windows. All I can do at that point is shut off the computer.

    Thanks, and apologies if this question has been asked before. I just joined here, as I am at my wits' end about how to fix my computer.
     

  3. Surreal2

    Surreal2

    Joined:
    May 21, 2005
    Messages:
    579
    You say you can't 'run' HJT so I presume you have been able to download it to your computer? It's possible you have a virus that specifically tries to stop anti-malware tools from running, so I suggest you try this:

    First, rename the hijackthis.exe file - call it anything such as chimayhj.exe. Try running it again and seeing if it will start - if so, scan and post a log.

    Second - if the above doesn't work, click HERE to download Itty Bitty Process Manager from Merijn (author of HJT). Unzip and run it (if it won't run then, as before, try renaming it). If you are able to run it, the program will provide a window like 'Task Manager'. Don't use it to stop any programs yet, just copy the list of running processes and paste that into a new post.

    Good luck...
     
  4. Jag11

    Jag11

    Joined:
    May 30, 2005
    Messages:
    1,244
    Can I suggest another way if HJT doesn't start?

    Try to use it in Safe Mode, how to boot in Safe Mode:

    click Start then click Run.

    type in:

    msconfig

    click the BOOT.INI tab, then select /SAFEMODE, click OK, then Restart.
     
  5. Surreal2

    Surreal2

    Joined:
    May 21, 2005
    Messages:
    579
    Hi Jag11 - yes, the user may be able to run HJT in Safe Mode but since the reason it might work is that the 'problem' malware doesn't 'start', then it obviously won't show up in the HJT log.

    Also, as a general comment, when booting into safe mode the Msconfig method is not recommended by experts. The reason for this is that if there is a problem with Safe Mode, the computer will go into a 'loop' trying and failing to load Safe Mode and the user won't be able to get back into Normal mode. They'll then have to manually edit the boot.ini file, which is a slightly complex process.

    Cheers...
     
  6. Jag11

    Jag11

    Joined:
    May 30, 2005
    Messages:
    1,244
    Thanks for the info, man. But can't we just tap F8 repeatedly when starting so we can go back to Normal?
     
  7. Surreal2

    Surreal2

    Joined:
    May 21, 2005
    Messages:
    579
    Hi Jag11 - the F8 method (some computers use a different 'F' key) can be used to choose either Safe Mode or Normal Mode. However, if the Msconfig method is used, the computer will try to boot into Safe Mode first, even if the user selects Normal Mode, and if there's a problem with Safe Mode it'll never boot into Normal Mode until the boot.ini file is edited.

    Cheers...
     
  8. chimaykaren

    chimaykaren Thread Starter

    Joined:
    Nov 6, 2005
    Messages:
    23
    Thanks both of you, for your suggestions. I can't tell you how much it means to have support, because I am obviously pulling my hair out here.

    Yes, HJT did download, all 213 kb of it. And I did rename it, (clever suggestion) but it still won't open/run. It's there, just doesn't run.
    I can't get IBProcMan to run either...And given that I can't even scroll/copy/paste very long emails because my computer is operating so slowly, am thinking there could be problems to paste in the results of HJT if I even could get it to run...I can't even run Word at this point...

    I want to give trying to reboot in SafeMode a try, but now you've got me scared...Should I just try it anyway, as I can't do anything else?
     
  9. chimaykaren

    chimaykaren Thread Starter

    Joined:
    Nov 6, 2005
    Messages:
    23
    Well, after weighing the pros and cons, decided to give rebooting in Safe Mode a try. However, I couldn't do it via the method you described, as I got an error message ("Cannot find the file 'msconfig' or one of its components. Make sure the path and file name are correct and that all required libraries are available"). So, I hit F8 when the computer was starting up, and entered Safe Mode that way.

    And get this: so, I try to run Hijack This in SM, and the pop-up appeared RIGHT AWAY, and instead of it saying its usual "invalid picture" it now said, "Hijack This." I exited SM, and had no problem starting up again normally, so the computer didn't loop, as you feared. Also, in SM, I couldn't access Internet Explorer, which is about the only program the virus doesn't seem to impact, at least, so far.

    So, okay. I am totally depressed here. Are we talking about wiping out the hard drive? The only thing that I really want to save, if that is going to be the case, are a year-and-a-half's worth of photos that I foolishly don't have backed-up anywhere else...It goes without saying that the virus could be in the photos as well, doesn't it?
    !!! Grrr. I feel so stupid and defeated....
     
  10. Surreal2

    Surreal2

    Joined:
    May 21, 2005
    Messages:
    579
    Hi chimaykaren - sorry for the delay in responding. I know it's a pain when computers play up but don't get depressed. There are plenty of experts in this forum and many things we can try before we have to resort to reinstalling.

    The 'loop' problem I described won't appear if you use the F8 method - it can happen if you use the Msconfig method, but you couldn't do that. You can safely use the F8 method.

    You said that you received a pop-up saying 'HijackThis' when you started HJT in Safe Mode. Did the program start?

    If it did, click 'Scan and save a log file'. DO NOT try to 'fix' anything with HJT at this stage - most of the entries it shows are valid and necessary for Windows to operate. When it's finished scanning, a new notepad window will open with the log. Please save this to your desktop (call it anything).

    You won't be able to access the Internet in Safe Mode, so you'll then need to reboot into Normal mode. Then connect to the Internet, open the notepad log file on the desktop, copy the contents and paste them into your next post so that an expert can review it.

    If HJT will not run even in Safe Mode, let us know.

    Cheers...
     
  11. chimaykaren

    chimaykaren Thread Starter

    Joined:
    Nov 6, 2005
    Messages:
    23
    Thanks again Surreal2, that's good to hear.

    Tried again to run it in SM, but no go. Sounds like the program is about to run, but then the "Invalid Picture" Pop-up comes up instead, and as I said, "Hijack This" is written in the blue bar at the top of the pop-up. I did rename HJ this too, which is weird that that name doesn't come up.

    Also, I can't shut down properly. Instead, I get a "Program Not Responding" box with all sorts of weird exe names...such as: plulmd.exe, vgaxsy.exe, dmamah.exe and messeti.exe
    I never saw those before this problem happened.
     
  12. Surreal2

    Surreal2

    Joined:
    May 21, 2005
    Messages:
    579
    Hi chimaykaren - I can't find info on the names of the 'Program not responding' files you mention which suggests they are not legitimate. I'll check out a few things and get back to you as soon as I can.

    Cheers...
     
  13. Surreal2

    Surreal2

    Joined:
    May 21, 2005
    Messages:
    579
    Hi chimaykaren - let's start over and take things step by step.

    Can you tell me:

    What your Operating System is?

    What is the specification of your computer - CPU, amount of RAM, how many and what size Hard drives, whether you have a floppy drive/cd drive?

    Where did you download HijackThis from - do you know which format you downloaded (was it a Zip file or an Exe file)?

    Cheers...
     
  14. chimaykaren

    chimaykaren Thread Starter

    Joined:
    Nov 6, 2005
    Messages:
    23
    Hi Surreal,
    It's a Dell Optiplex GX150 which I 'inherited,' so I am without the original paperwork with all the specs.
    It's Windows 2000, Pentium III, 1-2 CPU, 259,646 KB Ram, one hard drive, which I believe is 20GB, CD drive and I downloaded Hijack This from: www.download.com, and it was a zip file (the shortcut on the desktop says chimayjh.exe). What else....
     
  15. Surreal2

    Surreal2

    Joined:
    May 21, 2005
    Messages:
    579
    Hi chimaykaren...OK, try this:

    Click HERE to download Startuplist.zip. Unzip it and try running the program in Normal mode or in Safe mode if that doesn't work. It'll scan your computer and open a log in Notepad - copy the entire contents of the Notepad file and post back with the results.

    Cheers...
     
  16. chimaykaren

    chimaykaren Thread Starter

    Joined:
    Nov 6, 2005
    Messages:
    23
    Hi Surreal,
    Hope I got all of it here...

    StartupList report, 11/11/2005, 7:31:15 AM
    StartupList version: 1.52
    Started from : C:\unzipped\startuplist[1]\StartupList.EXE
    Detected: Windows 2000 SP4 (WinNT 5.00.2195)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\cisvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\HPCD-W~1\DirectCD\directcd.exe
    C:\HP CD-Writer\Mmenu\hpcdtray.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Classic PhoneTools\CapFax.EXE
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Telstra\Toolbar\bpumTray.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Hello\Hello.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\winnt\system32\nddtxo.exe
    C:\winnt\system32\plulmd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\winnt\system32\vgaxsv.exe
    C:\winnt\system32\dmamah.exe
    C:\winnt\system32\msseti.exe
    C:\winnt\system32\dmutpm.exe
    C:\winnt\system32\javdne.exe
    C:\winnt\system32\expnam.exe
    C:\winnt\system32\wpnpth.exe
    C:\winnt\system32\licust.exe
    C:\winnt\system32\foraic.exe
    C:\winnt\system32\faxbrd.exe
    C:\winnt\system32\stinfe.exe
    C:\winnt\system32\asfdcb.exe
    C:\winnt\system32\schcla.exe
    C:\winnt\system32\mdtlmq.exe
    C:\winnt\system32\ntdnbc.exe
    C:\winnt\system32\odbnlo.exe
    C:\winnt\system32\mssrnu.exe
    C:\winnt\system32\kbdwav.exe
    C:\winnt\system32\qossst.exe
    C:\winnt\system32\cnbcly.exe
    C:\winnt\system32\protab.exe
    C:\winnt\system32\msdtxp.exe
    C:\winnt\system32\msdrui.exe
    C:\winnt\system32\appvrh.exe
    C:\winnt\system32\slbpor.exe
    C:\winnt\system32\comisg.exe
    C:\winnt\system32\icwcfc.exe
    C:\winnt\system32\stripm.exe
    C:\winnt\system32\lzet5a.exe
    C:\winnt\system32\dspspb.exe
    C:\winnt\system32\wzcspd.exe
    C:\winnt\system32\regedi.exe
    C:\winnt\system32\ddrsre.exe
    C:\winnt\system32\intabb.exe
    C:\winnt\system32\odbvfe.exe
    C:\winnt\system32\lsadii.exe
    C:\winnt\system32\mmfmms.exe
    C:\winnt\system32\msvdlr.exe
    C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    C:\winnt\system32\usetve.exe
    C:\winnt\system32\jobbws.exe
    C:\winnt\system32\netegc.exe
    C:\winnt\system32\nwaspi.exe
    C:\winnt\system32\acsnpe.exe
    C:\winnt\system32\finjnt.exe
    C:\winnt\system32\logtem.exe
    C:\winnt\system32\mspnts.exe
    C:\winnt\system32\dbmalc.exe
    C:\winnt\system32\appsut.exe
    C:\winnt\system32\msviis.exe
    C:\winnt\system32\wingco.exe
    C:\winnt\system32\strsec.exe
    C:\winnt\system32\wmpd5m.exe
    C:\winnt\system32\iasmsv.exe
    C:\winnt\system32\nwapdx.exe
    C:\winnt\system32\sdbxvf.exe
    C:\winnt\system32\oisvpv.exe
    C:\winnt\system32\vbaejt.exe
    C:\winnt\system32\scrd10.exe
    C:\winnt\system32\olemds.exe
    C:\winnt\system32\jobwat.exe
    C:\winnt\system32\roussr.exe
    C:\winnt\system32\ksuont.exe
    C:\winnt\system32\spinae.exe
    C:\winnt\system32\sclisg.exe
    C:\winnt\system32\objots.exe
    C:\winnt\system32\fnfirg.exe
    C:\winnt\system32\ntdame.exe
    C:\winnt\system32\dcinet.exe
    C:\winnt\system32\hhsxsh.exe
    C:\winnt\system32\regiim.exe
    C:\winnt\system32\inersv.exe
    C:\winnt\system32\odbsnc.exe
    C:\winnt\system32\boodap.exe
    C:\winnt\system32\spocvc.exe
    C:\winnt\system32\sqlkft.exe
    C:\winnt\system32\ntdoav.exe
    C:\winnt\system32\odbrbr.exe
    C:\winnt\system32\tcpisd.exe
    C:\winnt\system32\msdtbm.exe
    C:\winnt\system32\ntdspi.exe
    C:\winnt\system32\periks.exe
    C:\winnt\system32\pngrgc.exe
    C:\winnt\system32\shdmre.exe
    C:\winnt\system32\netgap.exe
    C:\winnt\system32\odbeol.exe
    C:\winnt\system32\stiyvh.exe
    C:\winnt\system32\nettpr.exe
    C:\winnt\system32\wmvlkr.exe
    C:\winnt\system32\dbmipl.exe
    C:\winnt\system32\dgsgcp.exe
    C:\winnt\system32\verbdm.exe
    C:\winnt\system32\msancs.exe
    C:\winnt\system32\kbdsdm.exe
    C:\winnt\system32\q25dic.exe
    C:\winnt\system32\kbdcsb.exe
    C:\winnt\system32\ntmrme.exe
    C:\winnt\system32\cryrtp.exe
    C:\winnt\system32\offgmr.exe
    C:\winnt\system32\vbsvrh.exe
    C:\winnt\system32\comsmd.exe
    C:\winnt\system32\fonrsv.exe
    C:\winnt\system32\compoo.exe
    C:\winnt\system32\wmatog.exe
    C:\winnt\system32\iprxdn.exe
    C:\winnt\system32\kbdobe.exe
    C:\winnt\system32\corcmu.exe
    C:\Program Files\ClockSync\Sync.exe
    C:\winnt\system32\nddtxo.exe
    C:\winnt\system32\plulmd.exe
    C:\winnt\system32\vgaxsv.exe
    C:\winnt\system32\dmamah.exe
    C:\winnt\system32\msseti.exe
    C:\winnt\system32\dmutpm.exe
    C:\winnt\system32\javdne.exe
    C:\winnt\system32\expnam.exe
    C:\winnt\system32\wpnpth.exe
    C:\winnt\system32\licust.exe
    C:\winnt\system32\foraic.exe
    C:\winnt\system32\faxbrd.exe
    C:\winnt\system32\stinfe.exe
    C:\winnt\system32\asfdcb.exe
    C:\winnt\system32\schcla.exe
    C:\winnt\system32\mdtlmq.exe
    C:\winnt\system32\ntdnbc.exe
    C:\winnt\system32\odbnlo.exe
    C:\winnt\system32\mssrnu.exe
    C:\winnt\system32\kbdwav.exe
    C:\winnt\system32\qossst.exe
    C:\winnt\system32\cnbcly.exe
    C:\winnt\system32\protab.exe
    C:\winnt\system32\msdtxp.exe
    C:\winnt\system32\msdrui.exe
    C:\winnt\system32\appvrh.exe
    C:\winnt\system32\slbpor.exe
    C:\winnt\system32\comisg.exe
    C:\winnt\system32\icwcfc.exe
    C:\winnt\system32\stripm.exe
    C:\winnt\system32\lzet5a.exe
    C:\winnt\system32\dspspb.exe
    C:\winnt\system32\wzcspd.exe
    C:\winnt\system32\regedi.exe
    C:\winnt\system32\ddrsre.exe
    C:\winnt\system32\intabb.exe
    C:\winnt\system32\odbvfe.exe
    C:\winnt\system32\lsadii.exe
    C:\winnt\system32\mmfmms.exe
    C:\winnt\system32\msvdlr.exe
    C:\winnt\system32\usetve.exe
    C:\winnt\system32\jobbws.exe
    C:\winnt\system32\netegc.exe
    C:\winnt\system32\nwaspi.exe
    C:\winnt\system32\acsnpe.exe
    C:\winnt\system32\finjnt.exe
    C:\winnt\system32\logtem.exe
    C:\winnt\system32\mspnts.exe
    C:\winnt\system32\dbmalc.exe
    C:\winnt\system32\appsut.exe
    C:\winnt\system32\msviis.exe
    C:\winnt\system32\wingco.exe
    C:\winnt\system32\strsec.exe
    C:\winnt\system32\wmpd5m.exe
    C:\winnt\system32\iasmsv.exe
    C:\winnt\system32\nwapdx.exe
    C:\winnt\system32\sdbxvf.exe
    C:\winnt\system32\oisvpv.exe
    C:\winnt\system32\vbaejt.exe
    C:\winnt\system32\scrd10.exe
    C:\winnt\system32\olemds.exe
    C:\winnt\system32\jobwat.exe
    C:\winnt\system32\roussr.exe
    C:\winnt\system32\ksuont.exe
    C:\winnt\system32\spinae.exe
    C:\winnt\system32\sclisg.exe
    C:\winnt\system32\objots.exe
    C:\winnt\system32\fnfirg.exe
    C:\winnt\system32\ntdame.exe
    C:\winnt\system32\dcinet.exe
    C:\winnt\system32\hhsxsh.exe
    C:\winnt\system32\regiim.exe
    C:\winnt\system32\inersv.exe
    C:\winnt\system32\odbsnc.exe
    C:\winnt\system32\boodap.exe
    C:\winnt\system32\spocvc.exe
    C:\winnt\system32\sqlkft.exe
    C:\winnt\system32\ntdoav.exe
    C:\winnt\system32\odbrbr.exe
    C:\winnt\system32\tcpisd.exe
    C:\winnt\system32\msdtbm.exe
    C:\winnt\system32\ntdspi.exe
    C:\winnt\system32\periks.exe
    C:\winnt\system32\pngrgc.exe
    C:\winnt\system32\shdmre.exe
    C:\winnt\system32\netgap.exe
    C:\winnt\system32\odbeol.exe
    C:\winnt\system32\stiyvh.exe
    C:\winnt\system32\nettpr.exe
    C:\winnt\system32\wmvlkr.exe
    C:\winnt\system32\dbmipl.exe
    C:\winnt\system32\dgsgcp.exe
    C:\winnt\system32\verbdm.exe
    C:\winnt\system32\msancs.exe
    C:\winnt\system32\kbdsdm.exe
    C:\winnt\system32\q25dic.exe
    C:\winnt\system32\kbdcsb.exe
    C:\winnt\system32\ntmrme.exe
    C:\winnt\system32\cryrtp.exe
    C:\winnt\system32\offgmr.exe
    C:\winnt\system32\vbsvrh.exe
    C:\winnt\system32\comsmd.exe
    C:\winnt\system32\fonrsv.exe
    C:\winnt\system32\compoo.exe
    C:\winnt\system32\wmatog.exe
    C:\winnt\system32\iprxdn.exe
    C:\winnt\system32\kbdobe.exe
    C:\winnt\system32\corcmu.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Microsoft Office\Office\OSA9.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\cidaemon.exe
    C:\unzipped\startuplist[1]\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup]
    DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
    HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINNT\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Synchronization Manager = mobsync.exe /logon
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    Adaptec DirectCD = C:\HPCD-W~1\DirectCD\directcd.exe
    HP CD-Writer = C:\HP CD-Writer\Mmenu\hpcdtray.exe
    WinampAgent = "C:\Program Files\Winamp\Winampa.exe"
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    SysUpd = C:\WINNT\sysupd.exe
    CapFax = C:\Program Files\Classic PhoneTools\CapFax.EXE
    SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    BigPond Toolbar = "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
    PicasaNet = "C:\Program Files\Hello\Hello.exe" -b
    Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
    iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ClockSync = C:\Program Files\ClockSync\Sync.exe /q
    nddtxo = c:\winnt\system32\nddtxo.exe
    plulmd = c:\winnt\system32\plulmd.exe
    vgaxsv = C:\winnt\system32\vgaxsv.exe
    dmamah = C:\winnt\system32\dmamah.exe
    msseti = C:\winnt\system32\msseti.exe
    dmutpm = c:\winnt\system32\dmutpm.exe
    javdne = c:\winnt\system32\javdne.exe
    expnam = c:\winnt\system32\expnam.exe
    wpnpth = c:\winnt\system32\wpnpth.exe
    licust = c:\winnt\system32\licust.exe
    foraic = c:\winnt\system32\foraic.exe
    faxbrd = c:\winnt\system32\faxbrd.exe
    stinfe = c:\winnt\system32\stinfe.exe
    asfdcb = c:\winnt\system32\asfdcb.exe
    schcla = c:\winnt\system32\schcla.exe
    mdtlmq = c:\winnt\system32\mdtlmq.exe
    ntdnbc = c:\winnt\system32\ntdnbc.exe
    odbnlo = c:\winnt\system32\odbnlo.exe
    mssrnu = c:\winnt\system32\mssrnu.exe
    kbdwav = c:\winnt\system32\kbdwav.exe
    qossst = c:\winnt\system32\qossst.exe
    cnbcly = c:\winnt\system32\cnbcly.exe
    protab = c:\winnt\system32\protab.exe
    msdtxp = c:\winnt\system32\msdtxp.exe
    msdrui = c:\winnt\system32\msdrui.exe
    appvrh = c:\winnt\system32\appvrh.exe
    slbpor = c:\winnt\system32\slbpor.exe
    comisg = c:\winnt\system32\comisg.exe
    icwcfc = C:\winnt\system32\icwcfc.exe
    stripm = C:\winnt\system32\stripm.exe
    lzet5a = c:\winnt\system32\lzet5a.exe
    dspspb = c:\winnt\system32\dspspb.exe
    wzcspd = c:\winnt\system32\wzcspd.exe
    regedi = c:\winnt\system32\regedi.exe
    ddrsre = c:\winnt\system32\ddrsre.exe
    intabb = c:\winnt\system32\intabb.exe
    odbvfe = c:\winnt\system32\odbvfe.exe
    lsadii = c:\winnt\system32\lsadii.exe
    mmfmms = c:\winnt\system32\mmfmms.exe
    msvdlr = c:\winnt\system32\msvdlr.exe
    usetve = c:\winnt\system32\usetve.exe
    jobbws = c:\winnt\system32\jobbws.exe
    netegc = c:\winnt\system32\netegc.exe
    nwaspi = c:\winnt\system32\nwaspi.exe
    acsnpe = c:\winnt\system32\acsnpe.exe
    finjnt = c:\winnt\system32\finjnt.exe
    logtem = c:\winnt\system32\logtem.exe
    mspnts = c:\winnt\system32\mspnts.exe
    dbmalc = c:\winnt\system32\dbmalc.exe
    appsut = c:\winnt\system32\appsut.exe
    msviis = c:\winnt\system32\msviis.exe
    wingco = c:\winnt\system32\wingco.exe
    strsec = C:\winnt\system32\strsec.exe
    wmpd5m = C:\winnt\system32\wmpd5m.exe
    iasmsv = C:\winnt\system32\iasmsv.exe
    nwapdx = C:\winnt\system32\nwapdx.exe
    sdbxvf = C:\winnt\system32\sdbxvf.exe
    oisvpv = C:\winnt\system32\oisvpv.exe
    vbaejt = C:\winnt\system32\vbaejt.exe
    scrd10 = c:\winnt\system32\scrd10.exe
    olemds = C:\winnt\system32\olemds.exe
    jobwat = C:\winnt\system32\jobwat.exe
    roussr = C:\winnt\system32\roussr.exe
    ksuont = c:\winnt\system32\ksuont.exe
    spinae = C:\winnt\system32\spinae.exe
    sclisg = C:\winnt\system32\sclisg.exe
    objots = c:\winnt\system32\objots.exe
    fnfirg = C:\winnt\system32\fnfirg.exe
    ntdame = C:\winnt\system32\ntdame.exe
    dcinet = C:\winnt\system32\dcinet.exe
    hhsxsh = C:\winnt\system32\hhsxsh.exe
    regiim = c:\winnt\system32\regiim.exe
    inersv = c:\winnt\system32\inersv.exe
    odbsnc = c:\winnt\system32\odbsnc.exe
    boodap = c:\winnt\system32\boodap.exe
    spocvc = c:\winnt\system32\spocvc.exe
    sqlkft = c:\winnt\system32\sqlkft.exe
    ntdoav = c:\winnt\system32\ntdoav.exe
    odbrbr = c:\winnt\system32\odbrbr.exe
    tcpisd = c:\winnt\system32\tcpisd.exe
    msdtbm = c:\winnt\system32\msdtbm.exe
    ntdspi = c:\winnt\system32\ntdspi.exe
    periks = c:\winnt\system32\periks.exe
    pngrgc = c:\winnt\system32\pngrgc.exe
    shdmre = c:\winnt\system32\shdmre.exe
    netgap = c:\winnt\system32\netgap.exe
    odbeol = c:\winnt\system32\odbeol.exe
    stiyvh = c:\winnt\system32\stiyvh.exe
    nettpr = c:\winnt\system32\nettpr.exe
    wmvlkr = c:\winnt\system32\wmvlkr.exe
    dbmipl = c:\winnt\system32\dbmipl.exe
    dgsgcp = c:\winnt\system32\dgsgcp.exe
    verbdm = c:\winnt\system32\verbdm.exe
    msancs = c:\winnt\system32\msancs.exe
    kbdsdm = c:\winnt\system32\kbdsdm.exe
    q25dic = c:\winnt\system32\q25dic.exe
    kbdcsb = c:\winnt\system32\kbdcsb.exe
    ntmrme = c:\winnt\system32\ntmrme.exe
    cryrtp = c:\winnt\system32\cryrtp.exe
    offgmr = c:\winnt\system32\offgmr.exe
    vbsvrh = c:\winnt\system32\vbsvrh.exe
    comsmd = c:\winnt\system32\comsmd.exe
    fonrsv = c:\winnt\system32\fonrsv.exe
    compoo = c:\winnt\system32\compoo.exe
    wmatog = c:\winnt\system32\wmatog.exe
    iprxdn = c:\winnt\system32\iprxdn.exe
    kbdobe = c:\winnt\system32\kbdobe.exe
    corcmu = c:\winnt\system32\corcmu.exe

    --------------------------------------------------

    Shell & screensaver key from C:\WINNT\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINNT\system32\Kaleid95.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll - {02478D28-C3F9-4efb-9B51-7695ECA05670}
    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\E2G\IeBHOs.dll - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
    (no name) - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [QuickTime Object]
    InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINNT\Downloaded Program Files\avsniff.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    [{33564D57-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

    [Symantec RuFSI Utility Class]
    InProcServer32 = C:\WINNT\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [Install Class]
    InProcServer32 = C:\WINNT\Downloaded Program Files\pinstall.dll
    CODEBASE = http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab

    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37576.8905902778

    [YahooYMailTo Class]
    InProcServer32 = C:\WINNT\Downloaded Program Files\ymmapi.dll
    CODEBASE = http://download.yahoo.com/dl/mail/ymmapi.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash8.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
    WebCheck: C:\WINNT\System32\webcheck.dll
    SysTray: stobject.dll

    --------------------------------------------------
    End of report, 18,077 bytes
    Report generated in 47.628 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
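
Added example, not part of the original thread or of StartupList: one way to triage a report like the one posted above. It assumes the pattern visible in that log (a Run value whose name equals a six-character executable sitting directly in the system directory); `suspicious_run_entries` and the other helper names are hypothetical, and hits are leads for review, not verdicts.

```python
import ntpath
import re

# Abbreviated excerpt in the layout of the StartupList report above
# (a handful of its lines, trimmed for this example).
SAMPLE_REPORT = r"""
Running processes:

C:\WINNT\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\winnt\system32\nddtxo.exe
C:\winnt\system32\plulmd.exe
C:\winnt\system32\vgaxsv.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ClockSync = C:\Program Files\ClockSync\Sync.exe /q
nddtxo = c:\winnt\system32\nddtxo.exe
plulmd = c:\winnt\system32\plulmd.exe
vgaxsv = C:\winnt\system32\vgaxsv.exe
dmamah = C:\winnt\system32\dmamah.exe

--------------------------------------------------
"""

SEPARATOR = re.compile(r"^[-=]{10,}$")
ENTRY = re.compile(r"^(?P<name>[^=]+?) = (?P<cmd>.+)$")


def parse_sections(report):
    """Split the report on its separator lines; return {title: [body lines]}.
    Autorun sections are keyed by the registry key on their second line."""
    sections, block = {}, []
    for raw in report.splitlines() + ["-" * 50]:
        line = raw.strip()
        if SEPARATOR.match(line):
            if block:
                title, body = block[0].rstrip(":"), block[1:]
                if title == "Autorun entries from Registry" and body:
                    title, body = body[0], body[1:]
                sections[title] = body
            block = []
        elif line:
            block.append(line)
    return sections


def exe_path(cmd):
    """Return the executable part of a Run value, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def suspicious_run_entries(report, system_dir=r"c:\winnt\system32"):
    """Flag Run values matching the assumed pattern and note whether the
    same file also appears in the report's running-process list."""
    sections = parse_sections(report)
    running = {p.lower() for p in sections.get("Running processes", [])}
    findings = []
    for title, body in sections.items():
        if not title.upper().startswith(("HKLM\\", "HKCU\\")):
            continue
        for line in body:
            m = ENTRY.match(line)
            if not m:
                continue
            name, path = m["name"].strip(), exe_path(m["cmd"])
            folder, fname = ntpath.split(path)
            stem = ntpath.splitext(fname)[0].lower()
            if (folder.lower() == system_dir and stem == name.lower()
                    and re.fullmatch(r"[a-z0-9]{6}", stem)):
                findings.append({"key": title, "name": name, "path": path,
                                 "running": path.lower() in running})
    return findings


if __name__ == "__main__":
    for f in suspicious_run_entries(SAMPLE_REPORT):
        print(f["key"], f["name"], f["path"], "running" if f["running"] else "not running")
```

Legitimate software can match a name-and-location heuristic like this, so each flagged file still needs to be checked individually before anything is removed.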
     
Short URL to this thread: https://techguy.org/414262