1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Problem....yahoo msgner keeps shutting down, compt slow,

Discussion in 'Virus & Other Malware Removal' started by 1+1=4...duh, Aug 7, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. 1+1=4...duh

    1+1=4...duh Thread Starter

    Joined:
    Feb 28, 2006
    Messages:
    29
    Please help, I believe I was hacked? What should I look for if my computer is being tracked , taken over? Thanks
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click here to download HJTsetup.exe
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. 1+1=4...duh

    1+1=4...duh Thread Starter

    Joined:
    Feb 28, 2006
    Messages:
    29
    I also have these dat file things everywhere now??? I can not open them to see what they are.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:31:09 AM, on 8/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    C:\WINDOWS\PMJ151LA.BIN
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
    C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\hphmon03.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\HPHipm09.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127368317747
    O16 - DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} (IWS Photo Upload Tool) - http://public2.uploader.officelive.com/_layouts/1033/wh/ActiveX/MsnPUpld.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Your log appears fine, what are these dat file you are worried about? Give me some name and location examples.
     
  5. 1+1=4...duh

    1+1=4...duh Thread Starter

    Joined:
    Feb 28, 2006
    Messages:
    29
    this keeps popping up in note pad/book...

    420 460 WinMain
    420 460 lpCmdLine: '/REGSERVER'
    420 460 Run
    420 460 lpCmdLine: '/REGSERVER'
    420 460 nCmdShow: 10
    420 460 leaving WinMain

    As usual they are not popping up, but they are gold and green sprocket pic on folder, and I think pop up as default user?? Sorry about the lack of info, I will copy one when it happens
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    OK that will work!
     
  7. 1+1=4...duh

    1+1=4...duh Thread Starter

    Joined:
    Feb 28, 2006
    Messages:
    29
    Is this legit...I have never noticed it before....says something about msgner has named app Id but not recorded under hkey root id? a dead letter que?
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Never seen anything like that.
    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don’t do anything with it yet!


    Reboot to safe mode.


    Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    Reboot to normal mode.


    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
     
  9. 1+1=4...duh

    1+1=4...duh Thread Starter

    Joined:
    Feb 28, 2006
    Messages:
    29
    I forgot how to get to safe mode....pressing a button or something???
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Tapping the F8 key while it's booting up...
     
  11. 1+1=4...duh

    1+1=4...duh Thread Starter

    Joined:
    Feb 28, 2006
    Messages:
    29
    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    PEC2 8/23/2001 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
    PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    aspack 7/6/2006 6:21:46 PM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
    Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
    winsync 8/23/2001 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
    PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

    Checking %System%\Drivers folder and sub-folders...
    PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    8/7/2006 12:28:20 PM S 2048 C:\WINDOWS\bootstat.dat
    7/29/2006 10:45:48 AM HS 7680 C:\WINDOWS\Thumbs.db
    7/15/2006 7:59:16 AM HS 7168 C:\WINDOWS\$NtServicePackUninstall$\Thumbs.db
    8/7/2006 10:07:52 AM RHS 227 C:\WINDOWS\assembly\Desktop.ini
    8/7/2006 10:07:52 AM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
    8/7/2006 10:07:52 AM RH 0 C:\WINDOWS\assembly\pubpol1.dat
    8/7/2006 10:23:50 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
    8/7/2006 10:24:04 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
    8/7/2006 12:26:10 PM S 64 C:\WINDOWS\CSC\00000001
    8/6/2006 9:43:26 AM S 64 C:\WINDOWS\CSC\00000002
    7/14/2006 11:08:22 AM S 64 C:\WINDOWS\CSC\csc1.tmp
    7/16/2006 11:06:32 AM HS 5632 C:\WINDOWS\Help\Thumbs.db
    6/18/2006 7:29:30 PM H 10820 C:\WINDOWS\Help\update.GID
    6/25/2006 1:13:44 AM H 37280 C:\WINDOWS\system32\mlfcache.dat
    6/19/2006 4:20:58 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
    8/7/2006 12:28:08 PM H 8192 C:\WINDOWS\system32\config\default.LOG
    8/7/2006 12:28:46 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
    8/7/2006 12:28:24 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
    8/7/2006 12:28:52 PM H 77824 C:\WINDOWS\system32\config\software.LOG
    8/7/2006 12:28:32 PM H 897024 C:\WINDOWS\system32\config\system.LOG
    7/29/2006 10:17:08 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    7/29/2006 11:26:10 AM HS 238592 C:\WINDOWS\system32\DirectX\Dinput\Thumbs.db
    8/7/2006 12:31:48 PM H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    8/7/2006 12:26:24 PM H 6 C:\WINDOWS\Tasks\SA.DAT
    7/14/2006 2:13:12 AM HS 7680 C:\WINDOWS\Web\Thumbs.db
    7/16/2006 11:07:04 AM HS 9216 C:\WINDOWS\Web\printers\images\Thumbs.db

    Checking for CPL files...
    Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Intel Corporation 12/18/2005 12:55:12 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 8/23/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 8/23/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    Microsoft Corporation 8/23/2001 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 8/23/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 8/23/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 8/23/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 8/23/2001 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
    Microsoft Corporation 8/23/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    1/26/2005 11:38:28 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    1/26/2005 3:10:52 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
    10/13/2005 10:48:04 AM 3198 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    Checking files in %USERPROFILE%\Startup folder...
    1/26/2005 11:38:28 AM HS 84 C:\Documents and Settings\Darren Adams\Start Menu\Programs\Startup\desktop.ini

    Checking files in %USERPROFILE%\Application Data folder...

    Items found in C:\Documents and Settings\Darren Adams\Application Data\.googlewebacchosts

    3/14/2006 5:47:22 PM 383 C:\Documents and Settings\Darren Adams\Application Data\.googlewebacchosts
    8/7/2006 4:13:02 AM 1740 C:\Documents and Settings\Darren Adams\Application Data\AdobeDLM.log
    1/26/2005 3:10:52 AM HS 62 C:\Documents and Settings\Darren Adams\Application Data\desktop.ini
    3/7/2006 7:58:42 PM 0 C:\Documents and Settings\Darren Adams\Application Data\dm.ini

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    SV1 =
    YPC 3.2.0 = Yahoo! Parental Controls

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
    {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CA_AntiVirus
    {1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\MyPictures3D
    =
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
    {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
    {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CA_AntiVirus
    {1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\MyPictures3D
    {AA7A03E6-7FA5-42E7-9D7A-9A2A4E344B3F} =
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    &Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    &Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\system32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    Explorer Band = %SystemRoot%\system32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} = :

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    YBrowser C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    BJCFD C:\Program Files\BroadJump\Client Foundation\CFD.exe
    IPInSightLAN 02 "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    IPInSightMonitor 02 "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    Motive SmartBridge C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    CaAvTray "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
    CAVRID "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
    HPDJ Taskbar Utility C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    IgfxTray C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
    HPHmon03 C:\WINDOWS\system32\hphmon03.exe
    Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
    ScanWithAntiVirus 2


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
    {17492023-C23A-453E-A040-C7C580BBF700} 1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
    Key €"⊢´×.äfbôlÅqd
    Hint i do it
    FileName0 C:\WINDOWS\system32\RSACi.rat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
    Allow_Unknowns 1
    PleaseMom 1
    Enabled 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
    v 4
    n 4
    l 4
    s 4

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
    NumSys 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
    UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
    = WgaLogon.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 8/7/2006 12:42:35 PM


    UPX!
    FSG!
    PEC2
    PECompact2
    Umonitor
    qoologic
    aspack
    PTech
    urllogic
    ad-beh
    ad-behNior.com
    sYVLLSAKY
    _rtneg3
    SAHAgent
    buddy.exe
    ZepMon
    aurora.exe
    ;2x(V]@BMD
    Tlji7Mk
    KavSvc
    69.59.186.63
    209.66.67.134
    66.63.167.97
    66.63.167.77
    abetterinternet.com
    8B!7F\(T
    testpopup
    web-nex
    yourkey
    winsync
    rec2_run
    WinShutDown
    ad-w-a-r-e.com
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I've asked the other moderators/administrators to look at this...
     
  13. 1+1=4...duh

    1+1=4...duh Thread Starter

    Joined:
    Feb 28, 2006
    Messages:
    29
    I had to leave for a second, but I am back....Is it hacked, because as soon as I came out of safe mode it seemed like I was being blocked....so I turned the comp/modem off when I left, then when I got back and turned it on I was all ready signed in??? It never has ever done that? I am pretty much a computer illiterate, but it has been wierd...thanks
     
  14. 1+1=4...duh

    1+1=4...duh Thread Starter

    Joined:
    Feb 28, 2006
    Messages:
    29
    I had to leave for a second, but I am back....Is it hacked, because as soon as I came out of safe mode it seemed like I was being blocked....so I turned the comp/modem off when I left, then when I got back and turned it on I was all ready signed in??? It never has ever done that? I am pretty much a computer illiterate, but it has been wierd...thanks
     
  15. 1+1=4...duh

    1+1=4...duh Thread Starter

    Joined:
    Feb 28, 2006
    Messages:
    29
    Hello...just checking to see what any other monitors think of the report thing....is it bad or good?....now I am worried
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/490182

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice