Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

routing.exe, perfs.exe, various .dlls


  • Please log in to reply

#61
Mechana

Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
It doesn't seem to be browser-specific.

Right now it appears to be that I can copy text, just not from browsers, only plain text documents.
  • 0

Advertisements


#62
Mechana

Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I just did what you said. I had to use the page source then edit it correctly, as copy/paste from browsers doesn't work.
  • 0

#63
Mechana

Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Deckard's System Scanner v20071014.68
Run by Parent on 2008-08-12 19:39:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 84% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Parent.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:59 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DNA\btdna.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Parent\My Documents\larryhadalittlelamb\Deckard System Scanner (temp).exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Parent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [is-G3LVJ] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-G3LVJ\is-G3LVJ.exe"
O4 - HKLM\..\Run: [is-MV4MS] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-MV4MS\is-MV4MS.exe"
O4 - HKLM\..\Run: [is-QRV79] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QRV79\is-QRV79.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User '?')
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent (User '?')
O4 - S-1-5-21-4065617495-334337264-2154702590-1003 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User '?')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.k12.com
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5E936384-B736-4A9E-AA93-832CA59FDCEC} (InstallShield Setup Player V11) - http://ea-land.ea.co...stall/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1179847293578
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23B86ABE-1DB6-474D-8187-F3F0255B8C0F}: NameServer = 68.87.75.194,68.87.64.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{23B86ABE-1DB6-474D-8187-F3F0255B8C0F}: NameServer = 68.87.75.194,68.87.64.146
O17 - HKLM\System\CS2\Services\Tcpip\..\{23B86ABE-1DB6-474D-8187-F3F0255B8C0F}: NameServer = 68.87.75.194,68.87.64.146
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c8e20299b95e4) (gupdate1c8e20299b95e4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: is-G3LVJ - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-G3LVJ\is-G3LVJ.exe (file missing)
O23 - Service: is-MV4MS - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-MV4MS\is-MV4MS.exe (file missing)
O23 - Service: is-QRV79 - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QRV79\is-QRV79.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

--
End of file - 11288 bytes

-- Files created between 2008-07-12 and 2008-08-12 -----------------------------

2008-08-11 18:55:21 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-08-11 18:35:54 9740320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-10 10:40:35 0 d-------- C:\Program Files\MBAM
2008-08-08 19:14:40 68096 --a------ C:\WINDOWS\zip.exe
2008-08-08 19:14:40 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-08 19:14:40 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-08 19:14:40 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-08 19:14:40 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-08 19:14:40 98816 --a------ C:\WINDOWS\sed.exe
2008-08-08 19:14:40 80412 --a------ C:\WINDOWS\grep.exe
2008-08-08 19:14:40 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-08 18:52:28 0 d-------- C:\Program Files\Trend Micro
2008-08-08 18:40:17 0 d--hs---- C:\WINDOWS\CSC
2008-08-08 12:59:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-08-08 12:58:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-08-08 10:38:56 0 d-------- C:\Program Files\Alwil Software
2008-08-07 19:06:09 0 --a------ C:\WINDOWS\system32\39866AC4
2008-07-24 17:07:27 0 d-------- C:\Program Files\Phun
2008-07-20 23:17:45 0 d------c- C:\AudioConverter
2008-07-20 23:16:51 0 d-------- C:\Program Files\easetech
2008-07-20 20:07:10 0 d------c- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-20 20:07:01 0 d-------- C:\Program Files\Security Task Manager
2008-07-19 14:59:28 0 d-------- C:\Program Files\Pyra Productions
2008-07-19 14:07:45 0 d-------- C:\Program Files\Easy Icon Maker
2008-07-18 16:34:44 0 d-------- C:\Program Files\Pivot Stickfigure Animator
2008-07-16 15:16:48 0 d-------- C:\Program Files\QuickTime
2008-07-16 15:13:55 0 d-------- C:\Program Files\Apple Software Update
2008-07-16 15:13:54 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-08-12 19:42:08 0 d-------- C:\Documents and Settings\Parent\Application Data\DNA
2008-08-12 19:33:41 0 d-------- C:\Program Files\Steam
2008-08-11 09:38:55 0 d-------- C:\Program Files\mIRC
2008-08-10 13:43:08 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-08 19:17:08 0 d-------- C:\Program Files\Common Files
2008-08-06 08:35:38 0 d-------- C:\Program Files\McAfee
2008-08-01 17:23:19 0 d-------- C:\Program Files\Google
2008-07-07 23:36:17 103424 --a------ C:\WINDOWS\system32\nUI_nat.dll <Not Verified;  ; nUI>
2008-07-06 11:37:21 0 d-------- C:\Program Files\Rocks'n'Diamonds
2008-07-05 18:34:12 0 d-------- C:\Documents and Settings\Parent\Application Data\Teeworlds
2008-07-05 14:12:09 0 d-------- C:\Program Files\Image-Line
2008-07-05 14:11:26 0 d-------- C:\Program Files\VstPlugins
2008-07-05 14:09:34 0 d-------- C:\Program Files\ASIO4ALL v2
2008-07-05 14:07:10 0 d-------- C:\Program Files\Outsim
2008-07-03 18:33:11 0 d-------- C:\Documents and Settings\Parent\Application Data\NBOS
2008-07-03 18:33:09 0 d-------- C:\Program Files\nbos
2008-07-03 17:31:19 0 d-------- C:\Documents and Settings\Parent\Application Data\.crossfire
2008-07-03 17:30:30 0 d-------- C:\Program Files\Crossfire GTK Client
2008-07-03 17:28:50 0 d-------- C:\Program Files\Common Files\GTK
2008-07-03 15:47:11 0 d-------- C:\Documents and Settings\Parent\Application Data\uk.co.planetside
2008-07-03 15:44:05 0 d-------- C:\Program Files\Terragen
2008-06-29 21:19:34 0 d-------- C:\Program Files\LEGO Company
2008-06-26 17:32:44 0 d-------- C:\Documents and Settings\Parent\Application Data\SPORE Creature Creator
2008-06-26 15:15:17 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-26 14:57:38 0 d-------- C:\Program Files\Clonk Endeavour
2008-06-26 14:56:00 0 d-------- C:\Documents and Settings\Parent\Application Data\Clonk
2008-06-21 23:31:55 0 d-------- C:\Program Files\KoolMoves Demo
2008-06-21 20:11:49 0 d-------- C:\Program Files\ProcedurallyGeneratedGames
2008-06-20 17:33:53 0 d-------- C:\Documents and Settings\Parent\Application Data\Malwarebytes
2008-06-20 13:41:10 245248 --a------ C:\WINDOWS\system32\mswsock.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-18 22:04:43 0 dr-h----- C:\Documents and Settings\Parent\Application Data\SecuROM
2008-06-18 22:02:47 0 d-------- C:\Program Files\Electronic Arts
2008-06-18 22:02:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 21:32:38 1504 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-18 17:13:20 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-18 17:13:17 0 d-------- C:\Documents and Settings\Parent\Application Data\Mozilla
2008-06-18 16:21:17 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-16 18:44:48 0 d-------- C:\Documents and Settings\Parent\Application Data\IEPro
2008-06-16 18:05:18 0 dr------- C:\Documents and Settings\Parent\Application Data\SpaceTime 3D
2008-06-12 23:08:04 0 d-------- C:\Program Files\Audacity
2008-06-12 11:09:52 0 d-------- C:\Program Files\PyraProductions
2008-06-12 10:43:28 0 d-------- C:\Program Files\Install Creator
2008-06-06 19:52:04 54864 --a------ C:\WINDOWS\War3Unin.dat
2008-06-06 19:51:30 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-06 19:51:30 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-04 10:50:45 185344 --a------ C:\WINDOWS\patchw32.dll
2008-06-02 15:27:47 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-06-02 15:27:47 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-05-28 22:19:00 174 --a------ C:\WINDOWS\Palace.reg
2008-05-27 23:14:29 1024 --a------ C:\Documents and Settings\Parent\Application Data\WavCodec.wff


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25D596E9-BD03-4D4A-8310-5DF3B31E8D26}]
07/31/2008 04:58 PM 184816 --a----t- C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [12/31/2002 08:00 AM C:\WINDOWS\RTHDCPL.EXE]
"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [01/22/2008 11:09 PM]
"McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [01/22/2008 11:09 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/25/2008 09:57 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"is-G3LVJ"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-G3LVJ\is-G3LVJ.exe" []
"is-MV4MS"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-MV4MS\is-MV4MS.exe" []
"is-QRV79"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QRV79\is-QRV79.exe" [06/07/2008 03:26 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [10/30/2006 11:01 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 08:17 AM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]
"Steam"="c:\program files\steam\steam.exe" [04/19/2008 07:12 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/31/2002 08:00 AM]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [06/13/2008 06:27 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E60A0B68-2F3C-A1D2-A901-9381E036D21A}"= C:\WINDOWS\system32\Karna2Drv.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-08-12 19:43:07 ------------
  • 0

#64
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
PLease download the attached file and extract it to your desktop.
Double click on clearit.bat.
It will only take a short time to run.
Please then reboot and let me know if your copy and paste function is back.

[attachment=22622:clearit.zip]
  • 0

#65
Mechana

Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I just ran it and rebooted. Still can't copy/paste.

Would the fact that I ran it from a directory other than the Desktop mean anything?

Edited by Mechana, 12 August 2008 - 07:19 PM.

  • 0

#66
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fix.reg on your Desktop.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E60A0B68-2F3C-A1D2-A901-9381E036D21A}"=-
Now double-click fix.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
=============
After that do you have a folder in your C:\Drive called i386?
  • 0

#67
Mechana

Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Just ran it.


No, I'm checking C: myself and i386 isn't there.
  • 0

#68
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Unfortunately you are going to need to do a repair install to fix all of the issues that are wrong with your computer.
If you know someone that may have a Xp disk of the same edition of Windows that you are running then I will be able to help you fix it.
Without it you are not going to be able to repair it.
==================================
Open the Kaspersky tool folder on your desktop and run the uninstaller in there.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image

Also delete\uninstall anything that we used that is left over.
===========================================
After that your logs are clean
let me know if you are able to get a cd and I will help you do a repair install.
  • 0

#69
Mechana

Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I do believe I have the correct XP CD. It's getting late, so I will attempt to find it tomorrow.


Thank you so much for your help so far! It's helped me get this computer back.

However, the computer doesn't recognize my USB drive. Any way to fix that pre-system repair? It worked before the virus..

Edited by Mechana, 12 August 2008 - 09:39 PM.

  • 0

#70
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes doing a repair should fix all of these things.
You are welcome :)
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP