Red X on MyComputer Directory [CLOSED]


  • This topic is locked

#1
joppa

Hi

I have been battling a nasty vundo virus that keeps coming back. I have McAfee and keep it up to date, but it could not get rid of it. I followed all the steps you recommended before posting the Hijack this log. I had run Vundofix previously and it found the virus the first time, but did not get rid of it. It did not show up in any further scans with Vundofix, but I was still getting pop ups.
After going through your list, ActiveScan, AVG and SuperAntiSpyWare all found adware and deleted it in safe mode. I also deleted about 3,000 files from MyDocuments that all began with POS___.tmp with the blank being a number/letter combo. I had to do this in Safe mode, it would not let me delete otherwise.

No popups since - but that ominous Red X is still there. It would be great to get a clean bill of health and get rid of the X. Thanks for looking at this!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:20 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\ACT\SideACT.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {24B5C160-DD3B-4CD2-B041-19876F2EEFA0} - (no file)
O2 - BHO: (no name) - {27CD05DE-5176-46F3-A36C-41A8D71537F6} - (no file)
O2 - BHO: (no name) - {28358C71-6EF5-4DB3-B08E-4DD0F43BB21C} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {85FC8392-DF0A-44A8-8E9D-A53B1D2BADA2} - C:\WINDOWS\system32\efcya.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {07ff1bef-b416-fbda-f754-d81b9e7f715c} - {c517f7e9-b18d-457f-adbf-614bfeb1ff70} - C:\WINDOWS\system32\xlhryjus.dll
O2 - BHO: (no name) - {eb8f1470-82cd-4592-bca2-a90ebaa09b99} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204549011656
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccddde - fccddde.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11367 bytes


#2
Rorschach112

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3
joppa

Thanks for helping me! I still am getting web sites pop up and the red x is still there after running Combofix. Before I ran it my laptop would not boot, I had to find the system disk. I got the blue screen just now, and it says that I have a driver causing the system to shut down. Well, here are the new logs. Thanks again!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:11 PM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {85FC8392-DF0A-44A8-8E9D-A53B1D2BADA2} - C:\WINDOWS\system32\efcya.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {07ff1bef-b416-fbda-f754-d81b9e7f715c} - {c517f7e9-b18d-457f-adbf-614bfeb1ff70} - C:\WINDOWS\system32\xlhryjus.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204549011656
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccddde - fccddde.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10841 bytes

ComboFix 08-03-14.4 - Elaine Fearnley 2008-03-16 18:02:21.1 - NTFSx86
Running from: C:\Documents and Settings\Elaine Fearnley\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM8b045249.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aooekksk.dll
C:\WINDOWS\system32\axcjsfbx.dll
C:\WINDOWS\SYSTEM32\aycfe.ini
C:\WINDOWS\SYSTEM32\aycfe.ini2
C:\WINDOWS\system32\bjcoknny.dll
C:\WINDOWS\system32\bqsguuyi.dll
C:\WINDOWS\system32\cownffes.dll
C:\WINDOWS\SYSTEM32\cxjdudvy.ini
C:\WINDOWS\system32\dgjmhcee.dll
C:\WINDOWS\system32\djjypmco.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\SYSTEM32\dwwamdvr.ini
C:\WINDOWS\SYSTEM32\eechmjgd.ini
C:\WINDOWS\system32\ejwbnrrt.dll
C:\WINDOWS\system32\enqrsmuh.dll
C:\WINDOWS\system32\iebiuggf.dll
C:\WINDOWS\SYSTEM32\ifmawtva.ini
C:\WINDOWS\SYSTEM32\ilnmp.ini2
C:\WINDOWS\system32\ivuucojj.dll
C:\WINDOWS\system32\ixywetsv.dll
C:\WINDOWS\SYSTEM32\iyuugsqb.ini
C:\WINDOWS\SYSTEM32\jjocuuvi.ini
C:\WINDOWS\SYSTEM32\jmaanhuk.ini
C:\WINDOWS\system32\kdvpweta.dll
C:\WINDOWS\system32\klivwycy.dll
C:\WINDOWS\SYSTEM32\kmnmp.ini
C:\WINDOWS\SYSTEM32\kmnmp.ini2
C:\WINDOWS\system32\kvlauvbk.dll
C:\WINDOWS\system32\lbyfqerf.dll
C:\WINDOWS\system32\ldyvuusb.dll
C:\WINDOWS\system32\lgbptrjj.dll
C:\WINDOWS\SYSTEM32\lkkmp.ini
C:\WINDOWS\SYSTEM32\lkkmp.ini2
C:\WINDOWS\system32\lmnmlwyo.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mehkikte.dll
C:\WINDOWS\SYSTEM32\mrnupcqw.ini
C:\WINDOWS\SYSTEM32\mrvmrqyn.ini
C:\WINDOWS\system32\owcfoggs.dll
C:\WINDOWS\system32\pjlaanew.dll
C:\WINDOWS\SYSTEM32\qtsru.ini
C:\WINDOWS\SYSTEM32\qtsru.ini2
C:\WINDOWS\system32\qxhpebpy.dll
C:\WINDOWS\SYSTEM32\rotjsbko.ini
C:\WINDOWS\system32\rvdmawwd.dll
C:\WINDOWS\SYSTEM32\sggofcwo.ini
C:\WINDOWS\system32\skagfpvm.dll
C:\WINDOWS\SYSTEM32\trrnbwje.ini
C:\WINDOWS\system32\uakotjtv.dll
C:\WINDOWS\SYSTEM32\ubagxvpv.ini
C:\WINDOWS\system32\ujwlmgwt.dll
C:\WINDOWS\SYSTEM32\uvrmwpqy.ini
C:\WINDOWS\SYSTEM32\venjgyqy.ini
C:\WINDOWS\system32\vfluswya.dll
C:\WINDOWS\system32\vmcjewia.dll
C:\WINDOWS\system32\vpvxgabu.dll
C:\WINDOWS\system32\vxxdvrjk.dll
C:\WINDOWS\system32\wqcpunrm.dll
C:\WINDOWS\SYSTEM32\xqkkdfxc.ini
C:\WINDOWS\SYSTEM32\ycmlciws.ini
C:\WINDOWS\SYSTEM32\ynnkocjb.ini
C:\WINDOWS\SYSTEM32\yrngxinh.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-13 15:47 . 2008-03-13 15:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-13 11:14 . 2008-03-13 11:14 127 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-03-11 21:43 . 2008-03-11 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-11 21:42 . 2008-03-14 05:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-11 21:42 . 2008-03-11 21:42 <DIR> d-------- C:\Documents and Settings\Elaine Fearnley\Application Data\SUPERAntiSpyware.com
2008-03-11 21:40 . 2008-03-11 21:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 06:12 . 2008-03-10 06:12 <DIR> d-------- C:\Documents and Settings\Elaine Fearnley\Application Data\Grisoft
2008-03-10 06:11 . 2008-03-10 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 06:11 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-03-10 00:29 . 2008-03-11 05:14 4,364,818 ---hs---- C:\WINDOWS\SYSTEM32\aoknrxlm.ini
2008-03-09 11:53 . 2008-03-09 11:53 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-09 11:53 . 2008-03-09 11:53 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-09 11:53 . 2008-03-09 11:53 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-03-09 11:52 . 2008-03-09 19:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-09 00:24 . 2008-03-10 00:24 2,334,483 ---hs---- C:\WINDOWS\SYSTEM32\huhtvvuc.ini
2008-03-08 23:32 . 2008-03-09 18:36 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-08 22:56 . 2008-03-09 08:23 <DIR> d-------- C:\VundoFix Backups
2008-03-07 20:36 . 2008-03-08 20:37 5,315,710 ---hs---- C:\WINDOWS\SYSTEM32\rjgefkrt.ini
2008-03-06 21:26 . 2007-12-06 22:21 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-03-06 21:26 . 2007-06-30 23:31 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-03-06 21:26 . 2007-06-30 23:36 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-03-06 21:26 . 2007-12-06 22:21 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-03-06 21:26 . 2007-12-06 22:21 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-03-06 21:26 . 2007-12-06 22:21 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-03-06 21:26 . 2007-12-06 22:21 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-03-06 21:26 . 2007-12-06 22:21 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-03-06 21:26 . 2007-12-06 07:00 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-03-06 20:32 . 2008-03-07 15:57 2,326,111 ---hs---- C:\WINDOWS\SYSTEM32\isnbursq.ini
2008-03-04 03:07 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-03-04 03:07 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-03-03 20:17 . 2008-03-03 20:17 76 --a------ C:\WINDOWS\SYSTEM32\ikhcore.cfg
2008-03-03 18:45 . 2008-03-03 19:06 1,303,893 ---hs---- C:\WINDOWS\SYSTEM32\legmrlqn.ini
2008-02-21 08:57 . 2008-02-21 08:57 <DIR> d-------- C:\Documents and Settings\Elaine Fearnley\Application Data\ArcSoft
2008-02-21 07:23 . 2008-03-03 22:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-21 07:22 . 2008-02-21 07:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\runtime
2008-02-19 19:56 . 2008-02-19 19:56 327,168 --a------ C:\WINDOWS\SYSTEM32\pmnli.dll_old

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 22:33 --------- d-----w C:\Program Files\Palm
2008-03-09 21:52 --------- d-----w C:\Program Files\Google
2008-03-09 21:52 --------- d-----w C:\Program Files\FinePixViewer
2008-03-09 21:51 --------- d-----w C:\Program Files\DellSupport
2008-03-09 21:42 --------- d-----w C:\Program Files\ACT
2008-03-08 15:43 --------- d-----w C:\Program Files\World of Warcraft
2008-02-28 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-28 13:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-21 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-21 12:42 --------- d-----w C:\Program Files\Abacast
2008-02-16 17:05 --------- d-----w C:\Program Files\McAfee
2008-02-10 01:55 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-01-28 23:14 --------- d-----w C:\Documents and Settings\Elaine Fearnley\Application Data\Apple Computer
2006-11-09 10:00 684 -c-ha-w C:\Documents and Settings\Elaine Fearnley\hpothb07.dat
2006-11-09 10:00 183 -c-ha-w C:\Documents and Settings\Elaine Fearnley\Application Data\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24B5C160-DD3B-4CD2-B041-19876F2EEFA0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27CD05DE-5176-46F3-A36C-41A8D71537F6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28358C71-6EF5-4DB3-B08E-4DD0F43BB21C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85FC8392-DF0A-44A8-8E9D-A53B1D2BADA2}]
C:\WINDOWS\system32\efcya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c517f7e9-b18d-457f-adbf-614bfeb1ff70}]
C:\WINDOWS\system32\xlhryjus.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eb8f1470-82cd-4592-bca2-a90ebaa09b99}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 17:43 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 19:17 28672 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 19:23 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 09:35 536576]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 14:30 335872]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [2003-06-20 16:18 368640]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 03:01 155648]
"MMTray"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe" [2006-01-19 12:06 110592]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 13:45 257088]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 03:33 582992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 12:06 11776]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"combofix"="C:\WINDOWS\system32\CF19553.exe" [2004-08-04 03:56 388608]

C:\Documents and Settings\Elaine Fearnley\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-07-19 22:13:50 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-03-28 09:46:23 82026]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-01-13 11:23:38 724992]
SideACT!.lnk - C:\Program Files\ACT\SideACT.exe [2004-09-30 14:48:37 278589]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-06-02 09:37:17 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccddde]
fccddde.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 02:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0495a838-20cb-11dc-a6cf-000d563b9f92}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0495a83a-20cb-11dc-a6cf-000d563b9f92}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b69fb82-0742-11dc-a6ac-000d563b9f92}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 18:19:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-02-23 01:56:50 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1068856138.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2007-11-15 06:25:29 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:00:12 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-03-16 22:22:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 18:21:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-03-16 18:29:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 22:29:45
.
2008-03-16 21:32:08 --- E O F ---

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\aoknrxlm.ini
C:\WINDOWS\SYSTEM32\huhtvvuc.ini
C:\WINDOWS\SYSTEM32\rjgefkrt.ini
C:\WINDOWS\SYSTEM32\legmrlqn.ini
C:\WINDOWS\SYSTEM32\pmnli.dll_old
F:\LaunchU3.exe
E:\LaunchU3.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0495a838-20cb-11dc-a6cf-000d563b9f92}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0495a83a-20cb-11dc-a6cf-000d563b9f92}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b69fb82-0742-11dc-a6ac-000d563b9f92}]

DirLook::
C:\WINDOWS\SYSTEM32\runtime


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.




Reboot and post a new HijackThis log

#5
joppa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the new Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:41 AM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ACT\SideACT.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {85FC8392-DF0A-44A8-8E9D-A53B1D2BADA2} - C:\WINDOWS\system32\efcya.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {07ff1bef-b416-fbda-f754-d81b9e7f715c} - {c517f7e9-b18d-457f-adbf-614bfeb1ff70} - C:\WINDOWS\system32\xlhryjus.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204549011656
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccddde - fccddde.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11144 bytes

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Can you post the ComboFix log from the previous post?



1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {85FC8392-DF0A-44A8-8E9D-A53B1D2BADA2} - C:\WINDOWS\system32\efcya.dll (file missing)
O2 - BHO: {07ff1bef-b416-fbda-f754-d81b9e7f715c} - {c517f7e9-b18d-457f-adbf-614bfeb1ff70} - C:\WINDOWS\system32\xlhryjus.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - Winlogon Notify: fccddde - fccddde.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Reboot and post a new HijackThis log
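As an added example (not part of the original posts and not HijackThis's own code), this Python script parses HijackThis entry lines, flags the orphaned ones marked "(file missing)" or "(no file)", and checks a later log to confirm the selected entries are gone. The function names and FIXED_SECTIONS are assumptions made for the example; the sample lines are excerpted from the logs posted in this thread.

```python
import re

# Excerpt of the log taken before the fix (lines copied from this thread).
BEFORE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {85FC8392-DF0A-44A8-8E9D-A53B1D2BADA2} - C:\WINDOWS\system32\efcya.dll (file missing)
O2 - BHO: {07ff1bef-b416-fbda-f754-d81b9e7f715c} - {c517f7e9-b18d-457f-adbf-614bfeb1ff70} - C:\WINDOWS\system32\xlhryjus.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccddde - fccddde.dll (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# Excerpt of the log taken after "Fix Checked" and a reboot (same thread).
AFTER = r"""
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# Assumption for this example: in this thread the five entries chosen for
# fixing are exactly the orphaned entries in these sections. It describes
# this case only and is not a general triage rule.
FIXED_SECTIONS = {"R3", "O2", "O3", "O20"}

# An entry line is "<section code> - <description>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse_hjt(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        entries.append({
            "section": match.group("section"),
            "line": line,
            "orphan": bool(ORPHAN_RE.search(match.group("body"))),
        })
    return entries


def check_fix(before_text, after_text, fixed_sections):
    """Compare two logs and report what happened to the orphaned entries."""
    before = parse_hjt(before_text)
    after = parse_hjt(after_text)
    before_lines = {e["line"] for e in before}
    after_lines = {e["line"] for e in after}

    orphans = [e for e in before if e["orphan"]]
    selected = [e for e in orphans if e["section"] in fixed_sections]
    return {
        # Selected entries that no longer appear: the fix took effect.
        "removed": [e for e in selected if e["line"] not in after_lines],
        # Selected entries that survived the fix and reboot: look again.
        "still_present": [e for e in selected if e["line"] in after_lines],
        # Orphans outside the selection: the marker alone does not decide
        # what gets fixed, so these need a separate judgment.
        "left_alone": [e for e in orphans if e["section"] not in fixed_sections],
        # Orphans that appear only in the later log.
        "new_orphans": [e for e in after
                        if e["orphan"] and e["line"] not in before_lines],
    }


if __name__ == "__main__":
    report = check_fix(BEFORE, AFTER, FIXED_SECTIONS)
    for key, items in report.items():
        print(f"{key}: {len(items)}")
        for entry in items:
            print(f"  {entry['line']}")
```
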

#7
joppa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Happy St. Patrick's Day from Boston

Thanks again - here is the new HijackThis log and the ComboFix log I dragged into the application.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:45 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ACT\SideACT.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204549011656
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10505 bytes




ComboFix 08-03-14.4 - Elaine Fearnley 2008-03-16 23:12:37.2 - NTFSx86
Running from: C:\Documents and Settings\Elaine Fearnley\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Elaine Fearnley\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\SYSTEM32\aoknrxlm.ini
C:\WINDOWS\SYSTEM32\huhtvvuc.ini
C:\WINDOWS\SYSTEM32\legmrlqn.ini
C:\WINDOWS\SYSTEM32\pmnli.dll_old
C:\WINDOWS\SYSTEM32\rjgefkrt.ini
E:\LaunchU3.exe
F:\LaunchU3.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\aoknrxlm.ini
C:\WINDOWS\SYSTEM32\huhtvvuc.ini
C:\WINDOWS\SYSTEM32\legmrlqn.ini
C:\WINDOWS\SYSTEM32\pmnli.dll_old
C:\WINDOWS\SYSTEM32\rjgefkrt.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-13 15:47 . 2008-03-13 15:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-13 11:14 . 2008-03-13 11:14 127 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-03-11 21:43 . 2008-03-11 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-11 21:42 . 2008-03-14 05:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-11 21:42 . 2008-03-11 21:42 <DIR> d-------- C:\Documents and Settings\Elaine Fearnley\Application Data\SUPERAntiSpyware.com
2008-03-11 21:40 . 2008-03-11 21:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 06:12 . 2008-03-10 06:12 <DIR> d-------- C:\Documents and Settings\Elaine Fearnley\Application Data\Grisoft
2008-03-10 06:11 . 2008-03-10 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 06:11 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-03-09 11:53 . 2008-03-09 11:53 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-09 11:53 . 2008-03-09 11:53 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-09 11:53 . 2008-03-09 11:53 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-03-09 11:52 . 2008-03-09 19:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-08 23:32 . 2008-03-09 18:36 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-08 22:56 . 2008-03-09 08:23 <DIR> d-------- C:\VundoFix Backups
2008-03-06 21:26 . 2007-12-06 22:21 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-03-06 21:26 . 2007-06-30 23:31 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-03-06 21:26 . 2007-06-30 23:36 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-03-06 21:26 . 2007-12-06 22:21 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-03-06 21:26 . 2007-12-06 22:21 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-03-06 21:26 . 2007-12-06 22:21 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-03-06 21:26 . 2007-12-06 22:21 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-03-06 21:26 . 2007-12-06 22:21 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-03-06 21:26 . 2007-12-06 07:00 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-03-06 20:32 . 2008-03-07 15:57 2,326,111 ---hs---- C:\WINDOWS\SYSTEM32\isnbursq.ini
2008-03-04 03:07 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-03-04 03:07 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-03-03 20:17 . 2008-03-03 20:17 76 --a------ C:\WINDOWS\SYSTEM32\ikhcore.cfg
2008-02-21 08:57 . 2008-02-21 08:57 <DIR> d-------- C:\Documents and Settings\Elaine Fearnley\Application Data\ArcSoft
2008-02-21 07:23 . 2008-03-03 22:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-21 07:22 . 2008-02-21 07:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\runtime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 22:33 --------- d-----w C:\Program Files\Palm
2008-03-09 21:52 --------- d-----w C:\Program Files\Google
2008-03-09 21:52 --------- d-----w C:\Program Files\FinePixViewer
2008-03-09 21:51 --------- d-----w C:\Program Files\DellSupport
2008-03-09 21:42 --------- d-----w C:\Program Files\ACT
2008-03-08 15:43 --------- d-----w C:\Program Files\World of Warcraft
2008-02-28 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-28 13:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-21 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-21 12:42 --------- d-----w C:\Program Files\Abacast
2008-02-16 17:05 --------- d-----w C:\Program Files\McAfee
2008-02-10 01:55 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-01-28 23:14 --------- d-----w C:\Documents and Settings\Elaine Fearnley\Application Data\Apple Computer
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2006-11-09 10:00 684 -c-ha-w C:\Documents and Settings\Elaine Fearnley\hpothb07.dat
2006-11-09 10:00 183 -c-ha-w C:\Documents and Settings\Elaine Fearnley\Application Data\hpothb07.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\SYSTEM32\runtime ----



((((((((((((((((((((((((((((( snapshot@2008-03-16_18.29.08.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-16 20:47:15 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-03-17 02:50:06 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-03-16 20:47:15 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-03-17 02:50:06 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2008-03-16 20:47:15 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2008-03-17 02:50:06 32,768 --sha-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-17 02:44:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_550.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85FC8392-DF0A-44A8-8E9D-A53B1D2BADA2}]
C:\WINDOWS\system32\efcya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c517f7e9-b18d-457f-adbf-614bfeb1ff70}]
C:\WINDOWS\system32\xlhryjus.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 17:43 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 19:17 28672 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 19:23 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 09:35 536576]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 14:30 335872]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [2003-06-20 16:18 368640]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 03:01 155648]
"MMTray"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe" [2006-01-19 12:06 110592]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 13:45 257088]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 03:33 582992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 12:06 11776]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

C:\Documents and Settings\Elaine Fearnley\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-07-19 22:13:50 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-03-28 09:46:23 82026]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-01-13 11:23:38 724992]
SideACT!.lnk - C:\Program Files\ACT\SideACT.exe [2004-09-30 14:48:37 278589]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-06-02 09:37:17 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccddde]
fccddde.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 02:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 18:19:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-02-23 01:56:50 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1068856138.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2007-11-15 06:25:29 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:00:12 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-03-17 02:47:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 23:19:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-16 23:22:49
ComboFix-quarantined-files.txt 2008-03-17 03:22:41
ComboFix2.txt 2008-03-16 22:29:54
.
2008-03-16 21:32:08 --- E O F ---

#8
Rorschach112

Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Also tell me how your PC is running

#9
joppa

Hi

Here is the scan - it found 11 items

The laptop is running much better. It still takes a long time to boot up, though. In the past I attributed that to McAfee, but I am not sure that is the issue. Now, of course, I have several anti-malware programs installed.

Thanks yet again!

Malwarebytes' Anti-Malware 1.08
Database version: 503

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 157231
Time elapsed: 2 hour(s), 47 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

#10
Rorschach112

Your logs are clean! We need to do a few things.

Now let's uninstall ComboFix:
  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX.
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Have a look at this tutorial for IE-SPYAD here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
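
The HOSTS-file blocking described in the recommendations above, as an added example that is not part of the original post: a small Python audit that separates names sinkholed to the local machine from names mapped to some other address, which are the entries worth reviewing by hand after a cleanup. The sample file and every domain name in it are constructed, and treating 0.0.0.0 as a sink alongside 127.0.0.1 is an assumption beyond what the post mentions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample HOSTS content (not from the thread, not from the MVPS list).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.net  tracker.example.net   # two names on one line
0.0.0.0         popups.example.org
203.0.113.10    update.example.com      # mapped to a non-local address
::1             localhost
not-an-ip       broken.example
127.0.0.1
"""

# Names that legitimately belong on a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return {category: [(line_no, hostname, address), ...]} for a HOSTS file.

    Categories:
      local     - the machine's own name on a loopback address
      sinkhole  - any other name pointed at loopback or 0.0.0.0 (blocked)
      redirect  - a name pinned to any other address; review these by hand
      malformed - lines without a valid address followed by a name
    """
    report = defaultdict(list)
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((line_no, line, None))
            continue
        if len(fields) < 2:                      # address with no hostname
            report["malformed"].append((line_no, line, None))
            continue
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                category = "local" if name in LOCAL_NAMES else "sinkhole"
            else:
                category = "redirect"
            report[category].append((line_no, name, str(addr)))
    return dict(report)


def is_blocked(hostname, report):
    """True if hostname is sinkholed.

    HOSTS entries match exact names only (no wildcards), so blocking
    ads.example.net does not block www.ads.example.net.
    """
    wanted = hostname.lower().rstrip(".")
    return any(name == wanted for _, name, _ in report.get("sinkhole", []))


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for category in ("sinkhole", "redirect", "malformed"):
        for line_no, name, addr in result.get(category, []):
            print(f"{category:9} line {line_no}: {name} {addr or ''}")
```

On Windows the file to audit is %SystemRoot%\System32\drivers\etc\hosts; pass its contents to audit_hosts in place of the sample.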

#11
joppa

Awesome! Thank you SO much!!

I uninstalled all the anti-spyware except AVG and McAfee (which is included in my cable modem subscription). If I should just use one, will McAfee be OK? I downloaded all of your other suggestions as well and installed Firefox.

I still have the Red X icon on my C drive. I am not sure what that means now.

#12
Rorschach112

Yep, just use one.

Let's remove that.

Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@ECHO OFF
If exist DrvIconQuery.txt Del DrvIconQuery.txt
Echo Report>>DrvIconQuery.txt
Echo %date% %time% >>DrvIconQuery.txt
Echo.>>DrvIconQuery.txt
@ECHO Working.......
Reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /s >> DrvIconQuery.txt
start notepad DrvIconQuery.txt


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in FixService.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find FixService.bat on your Desktop and double-click it.
A window will open and close; do not be concerned, this is normal.


Make sure you attach the report in your reply.

#13
joppa

Thanks again, here is the report.



Report
Thu 03/20/2008 20:25:16.96


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarSizeMove REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
Type REG_SZ group
Text REG_SZ @shell32.dll,-30498
Bitmap REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,4
HelpID REG_SZ shell.hlp#51140

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30506
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ClassicViewState
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51076

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons
Text REG_SZ @shell32.dll,-30497
Type REG_SZ checkbox
ValueName REG_SZ {21EC2020-3AEA-1069-A2DD-08002B30309D}
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x1
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51150

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30507
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ SeparateProcess
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51079

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess
<NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30517
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ DisableThumbnailCache
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51155

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30514
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ FolderContentsInfoTip
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30511
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ FriendlyTree
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51149
DefaultValue REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
Text REG_SZ @shell32.dll,-30499
Type REG_SZ group
Bitmap REG_EXPAND_SZ %SystemRoot%\system32\SHELL32.dll,4
HelpID REG_SZ shell.hlp#51131

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Text REG_SZ @shell32.dll,-30501
Type REG_SZ radio
CheckedValue REG_DWORD 0x2
ValueName REG_SZ Hidden
DefaultValue REG_DWORD 0x2
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51104

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Text REG_SZ @shell32.dll,-30500
Type REG_SZ radio
CheckedValue REG_DWORD 0x1
ValueName REG_SZ Hidden
DefaultValue REG_DWORD 0x2
HKeyRoot REG_DWORD 0x80000001
HelpID REG_SZ shell.hlp#51105

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30503
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ HideFileExt
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51101

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30509
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ NoNetCrawling
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51147

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling
<NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30513
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ PersistBrowsers
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51152
DefaultValue REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30512
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowCompColor
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30504
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
ValueName REG_SZ FullPath
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51100

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30505
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
ValueName REG_SZ FullPathAddress
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51107

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30502
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowInfoTip
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
DefaultValue REG_DWORD 0x1
HelpID REG_SZ shell.hlp#51102

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30518
HKeyRoot REG_DWORD 0x80000002
RegPath REG_SZ System\CurrentControlSet\Control\LSA
ValueName REG_SZ ForceGuest
CheckedValue REG_DWORD 0x1
UncheckedValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51154
DefaultValue REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
Type REG_SZ checkbox
Text REG_SZ @shell32.dll,-30508
WarningIfNotDefault REG_SZ @shell32.dll,-28964
HKeyRoot REG_DWORD 0x80000001
RegPath REG_SZ Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ValueName REG_SZ ShowSuperHidden
CheckedValue REG_DWORD 0x0
UncheckedValue REG_DWORD 0x1
DefaultValue REG_DWORD 0x0
HelpID REG_SZ shell.hlp#51103

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden
<NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets
Text REG_SZ Managing pairs of Web pages and folders
HelpID REG_SZ TBD
Type REG_SZ group
Bitmap REG_SZ C:\WINDOWS\System32\\SHELL32.DLL,4


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\SonicRnCdOnArrival
DefaultIcon REG_SZ C:\Program Files\Sonic\RecordNow!\RecordNow.exe,0
InitCmdLine REG_SZ
InvokeVerb REG_SZ open
InvokeProgid REG_SZ Sonic.RecordNow
Provider REG_SZ Sonic RecordNow!
FriendlyName REG_SZ Create a disc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\VxDlaCdOnArrival
DefaultIcon REG_SZ C:\Program Files\Sonic\DLA\install\tfswcmd.exe,0
InvokeVerb REG_SZ open
InvokeProgid REG_SZ VERITAS.DLAEventHandler
Provider REG_SZ Sonic DLA
FriendlyName REG_SZ Format

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket
UseGlobalSettings REG_DWORD 0x1
Percent REG_DWORD 0x7
NukeOnDelete REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c
VolumeSerialNumber REG_DWORD 0x8837617a
IsUnicode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\e
VolumeSerialNumber REG_DWORD 0xe442dee0
IsUnicode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
BrowseNewProcess REG_SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
<NO NAME> REG_SZ SpywareGuard Download Protection

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you attach the report please, as some of it is missing?

#15
joppa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The DrvIconQuery report is attached.
