• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
portillok

Home Page problems

18 posts in this topic

I opened up my IE today and it is now a porn site. I have ran ad aware and CWShredder but it is still there. Please can someone help me....

Share this post


Link to post
Share on other sites

Run Hijack this again, and click "scan"

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Share this post


Link to post
Share on other sites

Here goes:

 

ogfile of HijackThis v1.97.7

Scan saved at 3:23:53 PM, on 5/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Macromedia\Flash Communication Server MX\FlashComAdmin.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Macromedia\Flash Communication Server MX\FlashCom.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.myexexex.com/search.php?said=spage&qq=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: =>English - http:\\wordreference.com\es\en\j\iespen109.htm

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: ICQ Pro (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab

O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab

O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab

O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt0_x.cab

O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.6.cab

O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {532217E3-860C-4EEE-8BBD-3F342DCD9AE9} - http://adlogix.com/pop/InPop.CAB

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/257ba076f1619d...ip/RdxIE601.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp...23/cpbrkpie.cab

O16 - DPF: {986DDE35-E955-11D0-A707-000000521958} - http://69.56.176.75/webplugin.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7244.5566087963

O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/Spanish%20to%20English.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319

Share this post


Link to post
Share on other sites

You appear to have a new hijacker - could you post a startuplist log from HJT (cofig>misc tools and check the two boxes under the button)

Share this post


Link to post
Share on other sites

tartupList report, 5/26/2004, 4:08:20 PM

StartupList version: 1.52

Started from : C:\Documents and Settings\Owner\Desktop\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Macromedia\Flash Communication Server MX\FlashComAdmin.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Macromedia\Flash Communication Server MX\FlashCom.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

hpoddt01.exe.lnk = ?

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

hpsysdrv = c:\windows\system\hpsysdrv.exe

KBD = C:\HP\KBD\KBD.EXE

NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

PS2 = C:\WINDOWS\system32\ps2.exe

checktime = c:\program files\HPSelect\Frontend\ct.exe

MCAgentExe = C:\Program Files\mcafee.com\Agent\mcagent.exe

MCUpdateExe = C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding

VirusScan Online = C:\Program Files\mcafee.com\VSO\mcvsshld.exe

ShStatEXE = "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

McAfeeUpdaterUI = "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"

WinPatrol = C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

PopUpStopperFreeEdition = C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

 

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*No subkeys found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\ENATUR~1.SCR

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

cd_clint.job

FRU Task #Hewlett-Packard#hp psc 2170 series#1083532593.job

Norton AntiVirus - Scan my computer - Owner.job

Symantec NetDetect.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

[Toki Toki Boom]

CODEBASE = http://download.games.yahoo.com/games/clients/y/vtm_x.cab

OSD = C:\WINDOWS\Downloaded Program Files\Toki Toki Boom.osd

 

[Tornado 21]

CODEBASE = http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

OSD = C:\WINDOWS\Downloaded Program Files\Tornado 21.osd

 

[Video Poker]

CODEBASE = http://download.games.yahoo.com/games/clients/y/vpt0_x.cab

OSD = C:\WINDOWS\Downloaded Program Files\Video Poker.osd

 

[Yahoo! Chat]

CODEBASE = http://cs6.chat.sc5.yahoo.com/c381/chat.cab

OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Chat.osd

 

[Yahoo! Euchre]

CODEBASE = http://download.games.yahoo.com/games/clients/y/et0_x.cab

OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Euchre.osd

 

[Yahoo! Freecell Solitaire]

CODEBASE = http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab

OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Freecell Solitaire.osd

 

[Yahoo! Gin]

CODEBASE = http://download.games.yahoo.com/games/clients/y/nt0_x.cab

OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Gin.osd

 

[Yahoo! Go Fish]

CODEBASE = http://download.games.yahoo.com/games/clients/y/zt3_x.cab

OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Go Fish.osd

 

[Yahoo! Pyramids]

CODEBASE = http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Pyramids.osd

 

[Yahoo! Spelldown]

CODEBASE = http://download.games.yahoo.com/games/clients/y/sdt1_x.cab

OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Spelldown.osd

 

[Yahoo! Towers 2.0]

CODEBASE = http://download.games.yahoo.com/games/clients/y/ywt0_x.cab

OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Towers 2.0.osd

 

[{00000075-9980-0010-8000-00AA00389B71}]

CODEBASE = http://codecs.microsoft.com/codecs/i386/voxacm.CAB

 

[support.com Configuration Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlcm.dll

CODEBASE = http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp

 

[QuickTime Object]

InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx

CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

CODEBASE = http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.6.cab

 

[{29C13B62-B9F7-4CD3-8CEF-0A58A1A99441}]

CODEBASE = http://fdl.msn.com/public/chat/msnchat41.cab

 

[Yahoo! Audio Conferencing]

InProcServer32 = C:\WINDOWS\DOWNLO~1\yacscom.dll

CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

 

[{33363249-0000-0010-8000-00AA00389B71}]

CODEBASE = http://codecs.microsoft.com/codecs/i386/i263_32.cab

 

[{33564D57-9980-0010-8000-00AA00389B71}]

CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

 

[{41F17733-B041-4099-A042-B518BB6A408C}]

CODEBASE = http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

 

[{532217E3-860C-4EEE-8BBD-3F342DCD9AE9}]

CODEBASE = http://adlogix.com/pop/InPop.CAB

 

[RdxIE Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll

CODEBASE = http://software-dl.real.com/257ba076f1619d...ip/RdxIE601.cab

 

[HouseCall Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx

CODEBASE = http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

 

[Yahoo! Audio UI1]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\yacsui.dll

CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

 

[cpbrkpie Control]

InProcServer32 = C:\WINDOWS\cpbrkpie.ocx

CODEBASE = http://a19.g.akamai.net/7/19/7125/4019/ftp...23/cpbrkpie.cab

 

[{986DDE35-E955-11D0-A707-000000521958}]

CODEBASE = http://69.56.176.75/webplugin.cab

 

[update Class]

InProcServer32 = C:\WINDOWS\System32\iuctl.dll

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7244.5566087963

 

[{AD08A333-609E-11D3-950C-008098601567}]

CODEBASE = http://wordreference.com/Install/Spanish%20to%20English.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[PopCapLoader Object]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll

CODEBASE = http://download.games.yahoo.com/games/popc...aploader_v5.cab

 

[{E87A6788-1D0F-4444-8898-1D25829B6755}]

CODEBASE = http://fdl.msn.com/public/chat/msnchat4.cab

 

[QDiagHUpdateObj Class]

InProcServer32 = C:\WINDOWS\System32\qdiagh.ocx

CODEBASE = http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

A4SII300: \SystemRoot\System32\drivers\A4SII300.SYS (autostart)

Intel® 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)

Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)

Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

AMD AGP Bus Filter Driver: System32\DRIVERS\amdagp.sys (system)

ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter: System32\DRIVERS\AN983.sys (manual start)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)

ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)

Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)

Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)

Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)

Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)

CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)

Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)

COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

ALARIS QuickVideo weeCam USB: System32\DRIVERS\DVC2USB.sys (manual start)

DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Disk Driver: System32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

dmio: System32\drivers\dmio.sys (disabled)

dmload: System32\drivers\dmload.sys (disabled)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Eacfilt Miniport: System32\DRIVERS\eacfilt.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Fax: %systemroot%\system32\fxssvc.exe (autostart)

Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)

Flash Communication Server: "C:\Program Files\Macromedia\Flash Communication Server MX\FlashCom.exe" (autostart)

Flash Communication Admin Service: "C:\Program Files\Macromedia\Flash Communication Server MX\FlashComAdmin.exe" (autostart)

Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)

Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)

Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)

IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)

Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)

USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)

i81x: System32\DRIVERS\i81xnt5.sys (manual start)

iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)

iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)

iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)

iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)

iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)

iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)

iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)

iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)

iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)

IMAPI CD-Burning COM Service: C:\WINDOWS\System32\Imapi.exe (manual start)

IntelIde: System32\DRIVERS\intelide.sys (system)

IPv6 Firewall Driver: System32\DRIVERS\Ip6Fw.sys (manual start)

IPv6 Internet Connection Firewall: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)

IPSEC driver: System32\DRIVERS\ipsec.sys (system)

Nortel Extranet Access Protocol: System32\DRIVERS\ipsecw2k.sys (autostart)

Nortel IPSECSHM Adapter: System32\DRIVERS\ipsecw2k.sys (manual start)

IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

LT Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)

McAfee Framework Service: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart (autostart)

Network Associates McShield: "C:\Program Files\Network Associates\VirusScan\Mcshield.exe" (autostart)

Network Associates Task Manager: "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe" (autostart)

Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)

WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)

Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)

NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)

NaiAvFilter1: system32\drivers\naiavf5x.sys (manual start)

NaiFiltr: System32\DRIVERS\NaiFiltr.sys (manual start)

Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (manual start)

NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040509.017\NAVENG.Sys (manual start)

NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040509.017\NavEx15.Sys (manual start)

Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)

Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: System32\DRIVERS\netbios.sys (system)

NetBT: System32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (manual start)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)

Net Logon: %SystemRoot%\System32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nv4: System32\DRIVERS\nv4_mini.sys (manual start)

NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)

IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)

Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)

Parallel port driver: System32\DRIVERS\parport.sys (manual start)

Pcdr Helper Driver: system32\drivers\PCDRDRV.sys (manual start)

PcdrNt: \SystemRoot\System32\drivers\PcdrNt.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)

IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (disabled)

WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Processor Driver: System32\DRIVERS\processr.sys (system)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

PS2: System32\DRIVERS\PS2.sys (manual start)

QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)

Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)

S3SavageNB: System32\DRIVERS\s3gnbm.sys (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

SAVRT: \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (manual start)

SAVRTPEL: \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (system)

SAVScan: C:\Program Files\Norton AntiVirus\SAVScan.exe (manual start)

ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)

Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (manual start)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Serial port driver: System32\DRIVERS\serial.sys (system)

Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

System Restore Filter Driver: System32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Still Serial Digital Camera Driver: System32\DRIVERS\serscan.sys (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)

BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)

Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{629945EB-4822-491D-8085-B2A660303DEE} (manual start)

Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)

SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)

symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)

SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start)

SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: System32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

USBAT Controller Driver: System32\DRIVERS\upatc.sys (manual start)

Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)

USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)

Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)

USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)

USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)

VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)

VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)

ViaIde: System32\DRIVERS\viaide.sys (system)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)

World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)

Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

WebCheck: *Registry key not found*

SysTray: C:\WINDOWS\System32\stobject.dll

CDBurn: *Registry key not found*

 

--------------------------------------------------

End of report, 39,328 bytes

Report generated in 0.563 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Share this post


Link to post
Share on other sites

Now I am also getting the message that I have a Trojan virus named Exploit-URLSpoof.gen

 

 

More and More things keep going wrong :(

Share this post


Link to post
Share on other sites

OK try this. Reboot into Safe Mode by tapping F8 after the BIOS has loaded, find and delete the following folder:

 

C:/spad

 

Then open up HJT, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.myexexex.com/search.php?said=spage&qq=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.6.cab

O16 - DPF: {532217E3-860C-4EEE-8BBD-3F342DCD9AE9} - http://adlogix.com/pop/InPop.CAB

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/257ba076f1619d...ip/RdxIE601.cab

O16 - DPF: {986DDE35-E955-11D0-A707-000000521958} - http://69.56.176.75/webplugin.cab

 

Reboot back into normal mode, rescan with HJT and post a new log.

 

Also go here and run online scans (all), allow them to delete whatever they find:

 

TrendMicro HouseCall

eTrust AntiVirus Web Scanner

Panda ActiveScan

 

Reboot when done.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0