
· Registered
Joined
·
8,266 Posts
Discussion Starter · #1 ·
Opening most programs & "my computer" takes a long time.

Windows XP Pro SP2, with all critical updates
Generic Mid-tower
P 4, 1.5 GHZ
512 MB
40 GB HDD, IDE, 10 GB free, FAT32
Defragged on 8 Jan 2007, prior to my arrival.

Problem began 6 to 8 weeks ago. Opening MSN [ DSL, Qwest ] Explorer mail center & "my computer" take a long time. After opening Quicken 2004, which takes a long time, there remains a video "hole".

IE 7 installed by auto updates on 19 Nov 2006
Other Microsoft critical updates, to include Windows Defender, have been automatically obtained, regularly.

Avast 4.75 AV, home, free
No Firewall running. Windows firewall had been disabled, probably by malware.
Ad-Aware installed, but neither run nor updates obtained in a long time.

I began working on the PC on 08 Jan; found adware, spyware & a trojan.

Panda found spyware.
Incident Status Location
Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll
Spyware:Spyware/MyNetProtector Not disinfected C:\WINDOWS\system32\MNPAPUninstall.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\WINDOWS\system32\bde3d_refp4.dll
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\bi6.inf
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\biini.inf
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\Downloaded Program Files\imloader.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe[setup_td.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe[apropos_client_loader.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files2.exe[setup_td.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Default User\My Documents\Data\all_files2.exe[apropos_client_loader.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files2.exe[setup_td.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files2.exe[apropos_client_loader.exe]
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files2.exe[setup_td.exe]
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Administrator\My Documents\Data\all_files2.exe[apropos_client_loader.exe]
Spyware:Spyware/MyNetProtector Not disinfected C:\Program Files\MNPAntiPopup\mod_kw.dll
Spyware:Spyware/MyNetProtector Not disinfected C:\Program Files\MNPAntiPopup\mod_upd.dll
Spyware:Cookie/OfferOptimizer Not disinfected C:\FOUND.010\FILE0005.CHK
Spyware:Cookie/Traffic Marketplace Not disinfected C:\FOUND.010\FILE0014.CHK
Adware:adware/delfinmedia Not disinfected C:\keys.ini

Ewido report & multiple HJT scan logs available.

SpySweeper, full featured trial found spyware & registry entries for Haxdoor Trojan.
I do not have a SpySweeper report.

Today, 10 Jan 2007, I went back because the computer was still / again slow. It seemed faster after I finished, on 8 Jan, than before I started, on 8 Jan.

Before I began working on it, 8 Jan, someone had gone into the system config's start tab & disabled a lot of printer services, disk burning, MSFT Office, Quicken, etc items. Nothing under "services" had been disabled. I will refer to this configuration as "user's normal mode".
Items checked:
NvCpl
hpztbs04
ashDisp
WkUFind
iTunesHelper
apdproxy
Location Finder
ctfmon
msmsgs
Adobe Gamma Loader
hpoddt01.exe
officejet 6100
Microsoft Office On. . .
PageKeeper Jobs
NkVwMon.exe
Adobe Reader Spe. . .

It is not slow in safe mode. 0 on a scale of 0 to 10, with 0 being no slowness; 10 being unusable. In "user's normal mode", it is 7.

It is slightly sluggish, value 1, with no services & no startup items loading.

With only non-Microsoft services enabled, value 3.

With non-Microsoft services & the user's items in startup, there is a little sluggishness, value 2.

I set the video acceleration to "none" [ had been at full ], but no change. The video is an AGP, 64 MB card.

I went into the event viewer & found:
Service Control Manager; ID 7023.
Searching this problem, I discovered a possible interaction with the Windows firewall. I tried to open the Windows firewall, but was greeted with:
"Due to an unidentified problem, windows cannot display Windows firewall settings".
I found http://support.microsoft.com/kb/920074
I followed fix #1. Now, the Windows firewall opens, but opening email & "my computer" still takes an unreasonably long time in the "user's normal mode".

DCOM; ID 10010. The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register with DCOM within the required timeout.

From http://forum.pcstats.com/showthread.php?t=23210
"1.) Completely close internet explorer.
2.) Open your Control Panel
3.) Open "Internet Options"
4.) Open the "Advanced Tab"
5.) Under "Browsing" unselect the "Enable third-party browser extensions (requires restart)"
6.) Restart your computer

This should work to solve problems with opening My Computer, Using Windows Explorer, and some IE search problems."

It didn't.

I hope you can help me avoid a re-format & re-install.

Today, I ran Merijn's startup list under various configurations. If you need 1 of those, please let me know.

Sincerely,
RF123
 

· Registered
Joined
·
1,198 Posts
I sure hope we can help you, looks like the computer was pretty bad off as in infections. This is what I suggest
Download (on left side of page is download button, next to the flashing green light)
HijackThis Quick Start
Follow the directions and post the log here. Somebody will come and tell you what to remove.
 

· Registered
Joined
·
46,025 Posts
I can't really help much with any complex security issues -- however if you post a HijackThis scanlog taken in normal mode I can identify any inappropriate processes or startups.

edit -- your symptoms are confirmed related to the "apropos" infection, among others, which has not been cleaned.

Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe[apropos_client_loader.exe]

I'm going to move this to the Security forum and request some additional help for you.
 

· Registered
Joined
·
8,266 Posts
Discussion Starter · #4 ·
RR:
Thanks for responding to my request, Rog.

I do NOT think this is a security issue. After working with Ewido & Spy Sweeper, their reports came back clean, as did Panda.

Here's a HJT log I performed a few hours ago.

**************
Logfile of HijackThis v1.99.1
Scan saved at 4:40:06 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\08_jan_2007\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CutePDF Writer Companion - {8C3733AE-F794-439A-A959-844DCA64F1A2} - C:\Program Files\Acro Software\CutePDF Writer Companion\CPWC_Co.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123182834906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

*******************

I'll obtain the values you request within 12 hrs.

Sincerely,
RF123
 

· Registered
Joined
·
46,025 Posts
Your Panda scan shows a lot of "not disinfected" malware. So I've moved you to Security.

The particular problem you report I recall being associated with apropos. Only after I looked at your Scan report -- did I actually see it being listed.

You might want to test the issue by creating a different User Account as well.
 

· Registered
Joined
·
8,266 Posts
Discussion Starter · #6 ·
Rog:
The Panda scan was run 08 Jan 2007, before I cleaned the computer.

I used SpySweeper, Ewido & KillBox, as well as manual deletion to get rid of the infection. I thought I had stated that, but clearly, I did not. I apologize for the confusion.

I started the thread in the Win XP forum because I think the problem is NOT a current infection. I could be WRONG! :0 :)

Sincerely,
RF123
 

· Registered
Joined
·
46,025 Posts
The apropos infection and possibly some of the others require special cleaning tools. They make a lot of hidden changes to the registry.

But outside of the "security" issue, I would test to see if it recurs in another, freshly created, User Account -- if it does and it's not a hardware issue either -- there's not much I can point to. The last scanlog is clean.

One thing you might try removing is Webroot -- I have seen this cause performance problems many times.

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
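
An added example, not part of the original posts: a Python sketch that triages the `(file missing)` and `= ?` entries of a HijackThis log like the one above by cross-checking each flagged path against the log's own running-process list. The function names and verdict labels are illustrative assumptions; the sample lines are excerpted from the log posted in this thread.

```python
import re

# Excerpt of the HijackThis v1.99.1 log posted earlier in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O4 - Global Startup: officejet 6100.lnk = ?
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""

# A log entry is a section code (R0, O4, O23, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# First fully qualified .exe/.dll path in an entry body, stopping at any quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
MISSING = "(file missing)"


def parse_log(text):
    """Return (running_process_paths_lowercased, [(code, body), ...])."""
    running, entries = set(), []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry
            entries.append((match.group("code"), match.group("body")))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def triage(running, entries):
    """Label entries whose target HijackThis could not resolve.

    orphan              - flagged missing and nothing in the log contradicts it
    contradicted        - flagged missing, yet the same path is a running process
    unresolved-shortcut - startup .lnk whose target was reported as '?'
    """
    findings = []
    for code, body in entries:
        if body.endswith(MISSING):
            target = body[: -len(MISSING)].strip()
            match = PATH_RE.search(target)
            path = match.group(0).lower() if match else None
            verdict = "contradicted" if path in running else "orphan"
        elif body.endswith("= ?"):
            verdict = "unresolved-shortcut"
        else:
            continue
        findings.append((code, verdict, body))
    return findings


if __name__ == "__main__":
    procs, items = parse_log(SAMPLE_LOG)
    for code, verdict, body in triage(procs, items):
        print(f"{verdict:20} {code:4} {body}")
```

On this excerpt the two avast! services come out as `contradicted`, because their executables appear under "Running processes", while the WRNotifier and SNDSrvc entries remain `orphan` and are the ones worth checking by hand.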
 

· Administrator
Joined
·
124,719 Posts
First Name -
Karen
Download WinPFind.exe to your desktop and double click on it to open it and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

Start in Safe Mode Using the F8 method:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.

  • Click “Configure scan options”
  • Under “Run AdOns” select the following:
    • Policies.def
    • Security.def
  • Click “apply”
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log.
 

· Registered
Joined
·
8,266 Posts
Discussion Starter · #12 ·
CG:
In safe mode, WinPFind's GUI will not completely display for me. I can see only the check boxes & the 1st 2 letters of the items. Oh well. I booted to normal mode, counted the # of boxes to locate Policies.def & Security.def. I hope they don't change position. :)

I created a new user account, per RR. The problem does not occur in the new user account [ also has admin level, same as main user ].

The PC is now with me. Here, "my computer" opens rapidly. The only differences are:
1. I use cable high speed; owner uses DSL.
2. I do not have the owner's printers & other peripherals connected.

I will post the WinPFind log / report after it has been generated, with a new HJT log.

Sincerely,
RF123
 

· Registered
Joined
·
8,266 Posts
Discussion Starter · #13 ·
In safe mode, I ran WinPFind. It stayed at scanning the system folders, for > 1/2 hr, with a blank report area. After 1/2 hr, I checked "task manager". There were 2 instances of "WinPFind", each "not responding".
I ended the task.

What do you want me to do?

Statistics requested by RR, obtained in "normal" mode.

"test" user
Total memory 523568
Available mem 290044
Cache 290136

Commit
total 199784
limit 884296
peak 229268

Main user:
Total memory 523568
Available mem 270412
Cache 249752

Commit
total 223568
limit 884296
peak 234044

Sincerely,
RF123
 

· Registered
Joined
·
8,266 Posts
Discussion Starter · #15 ·
CG:

In safe mode, I ran WinPFind. It stayed at scanning the system folders, for > 1/2 hr, with a blank report area. After 1/2 hr, I checked "task manager". There were 2 instances of "WinPFind", each "not responding".
I ended the task.

What do you want me to do?

Sincerely,
RF123
 

· Administrator
Joined
·
124,719 Posts
First Name -
Karen
Download ComboFix to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
Note: Do not mouseclick combofix's window while it's running as that may cause it to stall
 

· Registered
Joined
·
8,266 Posts
Discussion Starter · #17 ·
CG:
Hello. Thanks for providing "plan b".

As soon as I have a ComboFix report, I will post it.

I scanned at Panda.
Here are the results.

Incident Status Location

Spyware:spyware/whazit Not disinfected c:\windows\system32\kyf.dat
Adware:adware/sidesearch Not disinfected c:\program files\Lycos
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/sahagent Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\classes\MyWayToolBar.SettingsPlugin
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\WINDOWS\pss\PowerReg Scheduler.xexStartup
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\owner\Cookies\[email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\owner\Cookies\[email protected][1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\owner\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\owner\Cookies\[email protected][2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\owner\Cookies\[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\owner\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\owner\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\owner\Cookies\[email protected][2].txt
Spyware:Spyware/MyNetProtector Not disinfected C:\Recycled\Dc3.exe
Adware:Adware/SAHAgent Not disinfected C:\Recycled\Dc6.inf
Adware:Adware/IEDriver Not disinfected C:\Recycled\Dc8.exe[setup_td.exe]
Spyware:Spyware/Apropos Not disinfected C:\Recycled\Dc8.exe[apropos_client_loader.exe]
Adware:Adware/IEDriver Not disinfected C:\Recycled\Dc9.exe[setup_td.exe]
Spyware:Spyware/Apropos Not disinfected C:\Recycled\Dc9.exe[apropos_client_loader.exe]
Adware:Adware/IEDriver Not disinfected C:\Recycled\Dc10.exe[setup_td.exe]
Spyware:Spyware/Apropos Not disinfected C:\Recycled\Dc10.exe[apropos_client_loader.exe]
Adware:Adware/IEDriver Not disinfected C:\Recycled\Dc11.exe[setup_td.exe]
Spyware:Spyware/Apropos Not disinfected C:\Recycled\Dc11.exe[apropos_client_loader.exe]
Spyware:Cookie/OfferOptimizer Not disinfected C:\Recycled\Dc12.CHK
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Recycled\Dc13.CHK

********************************

Sincerely,
RF123
 

· Registered
Joined
·
8,266 Posts
Discussion Starter · #18 ·
CG:

ComboFix report
Dennis S - 07-01-11 17:54:59.28 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\08_jan_2007"

((((((((((((((((((((((((((((((( Files Created from 2006-12-11 to 2007-01-11 ))))))))))))))))))))))))))))))))))

2007-01-09 17:05 d-------- C:\WINDOWS\ie7updates
2007-01-08 14:58 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2007-01-08 14:58 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-01-08 13:18 d-------- C:\Program Files\Grisoft
2007-01-08 13:16 27,510 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-08 10:00 d-------- C:\WINDOWS\system32\ActiveScan
2007-01-08 09:56 d-------- C:\08_jan_2007
2007-01-06 08:52 d-------- C:\Documents and Settings\Dennis S\Application Data\Walgreens

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-17 08:45 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2006-12-06 23:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-07 22:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 06:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 11:30 668976 --a------ C:\WINDOWS\system32\OGACheckControl.DLL
2006-10-13 05:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Location Finder"="\"C:\\Program Files\\Microsoft Location Finder\\LocationFinder.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"Microsoft Works Update Detection"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cmesys]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cmesys\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cmesys\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cmesys\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cmesys\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"Belt"="C:\\WINDOWS\\Belt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\cmesys]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\cmesys\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\cmesys\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\cmesys\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\cmesys\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\Updater]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\Updater\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\Updater\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\Updater\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\Updater\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\UpdateStats]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"UpdateStats"="C:\\Program Files\\Media\\Media\\UpdateStats.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\UpdateStats\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\UpdateStats\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\UpdateStats\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\UpdateStats\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Updater]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Updater\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Updater\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Updater\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Updater\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\UpdateStats]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"UpdateStats"="C:\\Program Files\\Media\\Media\\UpdateStats.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\UpdateStats\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\UpdateStats\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\UpdateStats\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\UpdateStats\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c2,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
"NoDriveAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Billminder.lnk"
"backup"="C:\\WINDOWS\\pss\\Billminder.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKEN\\BILLMIND.EXE "
"item"="Billminder"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Event Reminder.lnk"
"backup"="C:\\WINDOWS\\pss\\Event Reminder.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Broderbund\\PrintMaster\\PMremind.exe "
"item"="Event Reminder"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Scheduled Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKEN\\bagent.exe "
"item"="Quicken Scheduled Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Startup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKEN\\QWDLLS.EXE "
"item"="Quicken Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Windows Desktop Search.lnk"
"backup"="C:\\WINDOWS\\pss\\Windows Desktop Search.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\MSN Toolbar Suite\\DS\\02.05.0000.1082\\en-us\\bin\\WindowsSearch.exe /startup"
"item"="Windows Desktop Search"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dennis S^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"path"="C:\\Documents and Settings\\Dennis S\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Dennis S\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"item"="PowerReg Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dennis S^Start Menu^Programs^Startup^Webshots.lnk]
"path"="C:\\Documents and Settings\\Dennis S\\Start Menu\\Programs\\Startup\\Webshots.lnk"
"backup"="C:\\WINDOWS\\pss\\Webshots.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Webshots\\WEBSHO~1.EXE "
"item"="Webshots"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hpi_Monitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMKeybd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\MMKeybd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TaskPanl"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe\" -winstart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon03"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hphmon03.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpppta]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpppta"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP PrecisionScan\\PrecisionScan Pro\\hpppta.exe\" /ICON"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMOL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMOLApp"
"hkey"="HKCU"
"command"="IMOLApp.exe /c"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPPS-Control-Centre]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicCent"
"hkey"="HKCU"
"command"="C:\\Program Files\\Kodak\\PicturePageSoftware\\PicCent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="\"nwiz"
"hkey"="HKLM"
"command"="\"nwiz.exe\" /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OAKSTART]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OAKSTART"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OAKTASK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OAKTASK"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="\"e:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="point32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QAGENT"
"hkey"="HKLM"
"command"="C:\\Program Files\\Intuit\\QAgent\\QAGENT.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070108-170258-164
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
backup-20070108-170054-761
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
backup-20070108-170058-690
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
backup-20070108-170052-919
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070108-170046-867
O9 - Extra 'Tools' menuitem: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\1714\windialup.exe (file missing)
backup-20070108-170050-128
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070108-170043-220
O9 - Extra button: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\1714\windialup.exe (file missing)
backup-20070108-170042-282
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
backup-20070108-170042-813
O4 - HKLM\..\Run: [ALYGQ] C:\WINDOWS\ALYGQ.exe
backup-20070108-170043-662
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
backup-20070108-170042-446
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
backup-20070108-170042-270
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\Kazaa.exe /SYSTRAY
backup-20070108-170042-437
O4 - HKLM\..\Run: [t69k36Q] unigehlp.exe
backup-20070108-170042-639
O4 - HKLM\..\Run: [Corel® Custom Photo] "D:\setup32.exe" /rspfile="C:\WINDOWS\Corel\Corel® Custom Photo\5\RECOVERY.CSW" /g+ /close
backup-20070108-170042-492
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\DENNIS~1\LOCALS~1\Temp\app580.tmp
backup-20070108-170042-793
O4 - HKLM\..\Run: [zazzunc] C:\WINDOWS\System32\rnnuhn.exe
backup-20070108-170042-889
O4 - HKLM\..\Run: [AutoLoadert1q21INjLNOO] "C:\WINDOWS\System32\ltvund3d.exe" /PC="AM.WILD" /HideUninstall
backup-20070108-170042-283
F3 - REG:win.ini: run=C:\EPPRT\WSWPD.EXE

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1073527009.job

Completion time: 07-01-11 17:56:58.32

Sincerely,
RF123
 

Discussion Starter · #19
CG:

ComboFix report
Dennis S - 07-01-11 17:54:59.28 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\08_jan_2007"

((((((((((((((((((((((((((((((( Files Created from 2006-12-11 to 2007-01-11 ))))))))))))))))))))))))))))))))))

2007-01-09 17:05 d-------- C:\WINDOWS\ie7updates
2007-01-08 14:58 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2007-01-08 14:58 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-01-08 13:18 d-------- C:\Program Files\Grisoft
2007-01-08 13:16 27,510 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-08 10:00 d-------- C:\WINDOWS\system32\ActiveScan
2007-01-08 09:56 d-------- C:\08_jan_2007
2007-01-06 08:52 d-------- C:\Documents and Settings\Dennis S\Application Data\Walgreens

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-17 08:45 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2006-12-06 23:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-07 22:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 06:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 11:30 668976 --a------ C:\WINDOWS\system32\OGACheckControl.DLL
2006-10-13 05:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Location Finder"="\"C:\\Program Files\\Microsoft Location Finder\\LocationFinder.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"Microsoft Works Update Detection"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cmesys]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cmesys\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cmesys\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cmesys\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cmesys\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"Belt"="C:\\WINDOWS\\Belt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\cmesys]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\cmesys\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\cmesys\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\cmesys\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\cmesys\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\Updater]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\Updater\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\Updater\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\Updater\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\Updater\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\UpdateStats]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"UpdateStats"="C:\\Program Files\\Media\\Media\\UpdateStats.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\UpdateStats\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\UpdateStats\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\UpdateStats\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Pcsv\UpdateStats\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Updater]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Updater\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Updater\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Updater\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Updater\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\UpdateStats]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CMESys"="\"C:\\Program Files\\Common Files\\CMEII\\CMESys.exe\""
"wininetd"="C:\\WINDOWS\\System32\\wininetd.exe"
"OAKSTART"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"OAKTASK"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"UpdateStats"="C:\\Program Files\\Media\\Media\\UpdateStats.exe"
"IEDriver"="C:\\WINDOWS\\System32\\IEDriver\\IEDriver.exe"
"Pcsv"="C:\\WINDOWS\\system32\\pcs\\pcsvc.exe"
"Dpi"="C:\\Program Files\\Common Files\\Dpi\\dpi.exe"
"updater"="C:\\Program Files\\Common files\\updater\\wupdater.exe"
"SAHAgent"="C:\\WINDOWS\\System32\\SahAgent.exe"
"AutoUpdater"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"msbb"="C:\\WINDOWS\\System32\\msbb.exe"
"ALYGQ"="C:\\WINDOWS\\ALYGQ.exe"
"SpyHunter"=""
"EnigmaPopupStop"="C:\\Program Files\\SpyHunter\\PopupBlocker\\EnigmaPopupStop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\UpdateStats\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\UpdateStats\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\UpdateStats\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\UpdateStats\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c2,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
"NoDriveAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Billminder.lnk"
"backup"="C:\\WINDOWS\\pss\\Billminder.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKEN\\BILLMIND.EXE "
"item"="Billminder"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Event Reminder.lnk"
"backup"="C:\\WINDOWS\\pss\\Event Reminder.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Broderbund\\PrintMaster\\PMremind.exe "
"item"="Event Reminder"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Scheduled Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKEN\\bagent.exe "
"item"="Quicken Scheduled Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Startup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKEN\\QWDLLS.EXE "
"item"="Quicken Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Windows Desktop Search.lnk"
"backup"="C:\\WINDOWS\\pss\\Windows Desktop Search.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\MSN Toolbar Suite\\DS\\02.05.0000.1082\\en-us\\bin\\WindowsSearch.exe /startup"
"item"="Windows Desktop Search"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dennis S^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"path"="C:\\Documents and Settings\\Dennis S\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Dennis S\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"item"="PowerReg Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dennis S^Start Menu^Programs^Startup^Webshots.lnk]
"path"="C:\\Documents and Settings\\Dennis S\\Start Menu\\Programs\\Startup\\Webshots.lnk"
"backup"="C:\\WINDOWS\\pss\\Webshots.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Webshots\\WEBSHO~1.EXE "
"item"="Webshots"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hpi_Monitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_Monitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMKeybd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\MMKeybd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TaskPanl"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe\" -winstart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon03"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hphmon03.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpppta]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpppta"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP PrecisionScan\\PrecisionScan Pro\\hpppta.exe\" /ICON"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMOL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMOLApp"
"hkey"="HKCU"
"command"="IMOLApp.exe /c"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPPS-Control-Centre]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicCent"
"hkey"="HKCU"
"command"="C:\\Program Files\\Kodak\\PicturePageSoftware\\PicCent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="\"nwiz"
"hkey"="HKLM"
"command"="\"nwiz.exe\" /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OAKSTART]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OAKSTART"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKSTART.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OAKTASK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OAKTASK"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\OAKTEC~1\\OAKSIM~1\\OAKTASK.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="\"e:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POINTER]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="point32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QAGENT"
"hkey"="HKLM"
"command"="C:\\Program Files\\Intuit\\QAgent\\QAGENT.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\PhotoSmart\\HP Share-to-Web\\hpgs2wnd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070108-170258-164
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
backup-20070108-170054-761
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
backup-20070108-170058-690
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
backup-20070108-170052-919
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070108-170046-867
O9 - Extra 'Tools' menuitem: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\1714\windialup.exe (file missing)
backup-20070108-170050-128
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070108-170043-220
O9 - Extra button: Internet SEXplorer - {47055D63-DFCD-11d3-8406-00500445A7D1} - C:\WINDOWS\System32\windialup\1714\windialup.exe (file missing)
backup-20070108-170042-282
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
backup-20070108-170042-813
O4 - HKLM\..\Run: [ALYGQ] C:\WINDOWS\ALYGQ.exe
backup-20070108-170043-662
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
backup-20070108-170042-446
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
backup-20070108-170042-270
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\Kazaa.exe /SYSTRAY
backup-20070108-170042-437
O4 - HKLM\..\Run: [t69k36Q] unigehlp.exe
backup-20070108-170042-639
O4 - HKLM\..\Run: [Corel® Custom Photo] "D:\setup32.exe" /rspfile="C:\WINDOWS\Corel\Corel® Custom Photo\5\RECOVERY.CSW" /g+ /close
backup-20070108-170042-492
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\DENNIS~1\LOCALS~1\Temp\app580.tmp
backup-20070108-170042-793
O4 - HKLM\..\Run: [zazzunc] C:\WINDOWS\System32\rnnuhn.exe
backup-20070108-170042-889
O4 - HKLM\..\Run: [AutoLoadert1q21INjLNOO] "C:\WINDOWS\System32\ltvund3d.exe" /PC="AM.WILD" /HideUninstall
backup-20070108-170042-283
F3 - REG:win.ini: run=C:\EPPRT\WSWPD.EXE

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1073527009.job

Completion time: 07-01-11 17:56:58.32

Sincerely,
RF123
 

· Registered
Joined
·
8,266 Posts
Discussion Starter · #20 ·
CG:
HJT log

C:\ComboFix.txt ... 07-01-11 17:57

*********************

HJT log
Logfile of HijackThis v1.99.1
Scan saved at 6:23:18 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\08_jan_2007\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CutePDF Writer Companion - {8C3733AE-F794-439A-A959-844DCA64F1A2} - C:\Program Files\Acro Software\CutePDF Writer Companion\CPWC_Co.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123182834906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

Sincerely,
RF123
 