
safe mode not possible

Discussion in 'Malware and Virus Removal Archive' started by macsearcher, 2007/04/19.

  1. 2007/04/19
    macsearcher

    macsearcher Inactive Thread Starter

    Joined:
    2007/04/10
    Messages:
    7
    Likes Received:
    0
    When I try to boot my computer into safe mode it gets to the welcome screen and then automatically reboots again into normal mode.
    I am currently stuck with the broadcaster popups. Any help would be appreciated. Thanks all


    Here is my HijackThis log followed by my autoRuns log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:12:35 PM, on 4/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\hdsp32.exe
    C:\WINDOWS\system32\hdspmix.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: (no name) - {F5EA4EF2-D549-A89C-4B86-F75A663D12C4} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\caukdnbk.dll
    O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AEEC912B-D860-4132-B849-7157A8A70708} - C:\WINDOWS\system32\qlsqemna.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\sfhimcwn.dll ",setvm
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CDTrayPal] C:\Documents and Settings\les cooper\Desktop\CDTrayPal\cdtray.exe
    O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\xoupdika.dll ",setvm
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe "
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139431480029
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162924894500
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - (no CLSID) - (no file)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: byxvstt - byxvstt.dll (file missing)
    O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhyo32 - winhyo32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe


    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    + !AVG Anti-Spyware AVG Anti-Spyware Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
    + CDTrayPal File not found: C:\Documents and Settings\les cooper\Desktop\CDTrayPal\cdtray.exe
    + DAEMON Tools-1033 Virtual DAEMON Manager DAEMON'S HOME c:\program files\d-tools\daemon.exe
    + HDSPTray1 Hammerfall DSP Settings RME c:\windows\system32\hdsp32.exe
    + HDSPTray2 Hammerfall DSP Mixer RME c:\windows\system32\hdspmix.exe
    + iTunesHelper iTunesHelper Module Apple Inc. c:\program files\itunes\ituneshelper.exe
    + MediafourGettingStartedWithMacDrive6 Mediafour MacDrive Mediafour Corporation c:\program files\mediafour\macdrive\macdrive.exe
    + NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + nwiz NVIDIA nView Wizard, Version 110.07 NVIDIA Corporation c:\windows\system32\nwiz.exe
    + outlook File not found: C:\Program Files\outlook\outlook.exe
    + PrintDrive c:\windows\system32\xoupdika.dll
    + QuickTime Task QuickTime Task Apple Computer, Inc. c:\program files\quicktime\qttask.exe
    + SoundService File not found: C:\WINDOWS\system32\sfhimcwn.dll
    + SunJavaUpdateSched Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre1.6.0_01\bin\jusched.exe
    + {0228e555-4f9c-4e35-a3ec-b109a192b4c2} Gmail Notifier Google Inc. c:\program files\google\gmail notifier\gnotify.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    + Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    + Logitech SetPoint.lnk Logitech SetPoint Event Manager (UNICODE) Logitech Inc. c:\program files\logitech\setpoint\setpoint.exe
    C:\Documents and Settings\les cooper\Start Menu\Programs\Startup
    + Anapod Manager.lnk Red Chair Manager Red Chair Software, Inc. c:\program files\red chair software\anapod explorer\anamgr.exe
    + Yahoo! Widget Engine.lnk Yahoo! Widgets Yahoo! Inc. c:\program files\yahoo!\yahoo! widget engine\yahoowidgetengine.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    + PopUpStopperFreeEdition Pop-Up Stopper Free Edition Panicware, Inc. c:\program files\panicware\pop-up stopper free edition\psfree.exe
    + Veoh Veoh Client Veoh Networks c:\program files\veoh networks\veoh\veohclient.exe
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    + 0 File not found: About:Home
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    + AVG Anti-Spyware 7.5 AVG Anti-Spyware shellexecutehook Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    + 7-Zip Shell Extension c:\program files\7-zip\7-zip.dll
    + Anapod Explorer Red Chair Explorer Red Chair Software, Inc. c:\program files\red chair software\anapod explorer\anapodpw.dll
    + Anapod Shuffler Red Chair Explorer Red Chair Software, Inc. c:\program files\red chair software\anapod explorer\anapodps.dll
    + CMenuExtender File not found: blank
    + Desktop Explorer NVIDIA Desktop Explorer, Version 110.07 NVIDIA Corporation c:\windows\system32\nvshell.dll
    + Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.07 NVIDIA Corporation c:\windows\system32\nvshell.dll
    + Display Panning CPL Extension File not found: deskpan.dll
    + HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
    + iTunes iTunes Mini Player DLL Apple Inc. c:\program files\itunes\itunesminiplayer.dll
    + Logitech Setpoint Extension Logitech SetPoint Event Manager Logitech Inc. c:\program files\logitech\setpoint\kbcplext.dll
    + Logitech Setpoint Extension Logitech SetPoint Event Manager Logitech Inc. c:\program files\logitech\setpoint\mcplext.dll
    + Mediafour Mac File Archives Mediafour Mac file archiving Mediafour Corporation c:\program files\common files\mediafour\macfarch.dll
    + Mediafour Mac file columns MACFPROP Mediafour Corporation c:\program files\common files\mediafour\macfprop.dll
    + Mediafour Mac file properties MACFPROP Mediafour Corporation c:\program files\common files\mediafour\macfprop.dll
    + Mediafour Mac File Resource Viewer Mediafour Mac Resource Viewer Mediafour Corporation c:\program files\common files\mediafour\macfresv.dll
    + Mediafour Mac File Types library Mediafour Mac File Types library Mediafour Corporation c:\program files\common files\mediafour\macftyps.dll
    + Mediafour Mac Volume Icons Mac Volume Icons library Mediafour Corporation c:\program files\common files\mediafour\macvicon.dll
    + Mediafour MacDrive Copy Mac Disk Mediafour MacDrive Copy Mac Disk Mediafour Corporation c:\program files\mediafour\macdrive\mdcpydsk.dll
    + Mediafour MacDrive File Names library Mediafour File Names library Mediafour Corporation c:\program files\mediafour\macdrive\mdfnames.dll
    + Mediafour MacDrive Format Mac Disk MacDrive Disk Formatting Mediafour Corporation c:\program files\mediafour\macdrive\mdformat.dll
    + Mediafour MacDrive Volume Selection Mediafour MacDrive Volume Selection library Mediafour Corporation c:\program files\mediafour\macdrive\mdvolsel.dll
    + NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.07 NVIDIA Corporation c:\windows\system32\nvshell.dll
    + Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + SmartFTP Shell Extension DLL SmartFTP Client CopyHook SmartFTP c:\program files\smartftp client 2.0\smarthook.dll
    HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
    + Mediafour Mac file columns MACFPROP Mediafour Corporation c:\program files\common files\mediafour\macfprop.dll
    + PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    + &Google Web Accelerator Helper c:\program files\google\web accelerator\googlewebacctoolbar.dll
    + Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
    + SSVHelper Class Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre1.6.0_01\bin\ssv.dll
    + Yahoo! Toolbar Helper Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
    + {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} c:\windows\system32\caukdnbk.dll
    + {AEEC912B-D860-4132-B849-7157A8A70708} c:\windows\system32\qlsqemna.dll
    HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
    + InprocServer32 File not found: CLSID\{F5EA4EF2-D549-A89C-4B86-F75A663D12C4}\InprocServer32
    + yt.dll Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    + googlewebacctoolbar.dll c:\program files\google\web accelerator\googlewebacctoolbar.dll
    + Veoh Browser Plug-in Veoh Browser Plug-in Veoh Networks Inc c:\program files\veoh networks\veoh\plugins\reg\veohtoolbar.dll
    + yt.dll Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
    Task Scheduler
    + AppleSoftwareUpdate.job Software Application Apple Computer, Inc. c:\program files\apple software update\softwareupdate.exe
    + Uniblue SpeedUpMyPC Nag.job File not found: C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
    HKLM\System\CurrentControlSet\Services
    + AVG Anti-Spyware Guard AVG Anti-Spyware guard Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
    + NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
    HKLM\System\CurrentControlSet\Services
    + atapi c:\windows\system32\drivers\atapi.sys
    + AVG Anti-Spyware Driver c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
    + AvgAsCln AVG7 Clean Driver GRISOFT, s.r.o. c:\windows\system32\drivers\avgascln.sys
    + CLEDX Team H2O CLEDX DevWhore Team H2O c:\windows\system32\drivers\cledx.sys
    + d346bus PnP BIOS Extension c:\windows\system32\drivers\d346bus.sys
    + d346prt SCSI miniport c:\windows\system32\drivers\d346prt.sys
    + dalwdmservice Digidesign Abstraction Layer Driver Digidesign, A Division of Avid Technology, Inc. c:\windows\system32\drivers\dalwdm.sys
    + Dot4 HPH09 IEEE-1284.4-1999 Driver (Windows 2000) HP c:\windows\system32\drivers\hphid409.sys
    + Dot4Print HPH09 IEEE-1284.4-1999 Print Class Driver HP c:\windows\system32\drivers\hphipr09.sys
    + Dot4Storage HPH09 Printer Card Mass Storage Driver Hewlett-Packard c:\windows\system32\drivers\hphs2k09.sys
    + Dot4Usb HPH09 1284.4<->Usb Datalink Driver (Windows 2000) HP c:\windows\system32\drivers\hphius09.sys
    + extradrv c:\windows\system32\drivers\extradrv.sys
    + GEARAspiWDM CD/DVD Class Filter Driver GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
    + HDAudBus High Definition Audio Bus Driver v1.0a Windows (R) Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys
    + hdsp Hammerfall DSP RME c:\windows\system32\drivers\hdsp.sys
    + IntcAzAudAddService Realtek(r) High Definition Audio Function Driver Realtek Semiconductor Corp. c:\windows\system32\drivers\rtkhdaud.sys
    + iteatapi ITE IT8211 ATA/ATAPI SCSI miniport Integrated Technology Express, Inc. c:\windows\system32\drivers\iteatapi.sys
    + L8042Kbd Logitech PS2 Keyboard Filter Driver. Logitech Inc. c:\windows\system32\drivers\l8042kbd.sys
    + L8042mou Logitech PS/2 Mouse Filter Driver. Logitech Inc. c:\windows\system32\drivers\l8042mou.sys
    + LBeepKE Logitech Beep Suppression Driver Logitech Inc. c:\windows\system32\drivers\lbeepke.sys
    + LHidKe Logitech HID Filter Driver. Logitech Inc. c:\windows\system32\drivers\lhidke.sys
    + LMouKE Logitech Filter Driver for Mouse Class. Logitech Inc. c:\windows\system32\drivers\lmouke.sys
    + MTsensor ATK0110 ACPI Utility c:\windows\system32\drivers\asacpi.sys
    + nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.87 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
    + nvport Port Driver NVIDIA Corporation. c:\windows\system32\drivers\nvport.sys
    + pfc Padus(R) ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys
    + Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
    + PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
    + Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
    + StyleXPHelper StyleXP Windows (R) 2000 DDK provider c:\program files\tgtsoft\stylexp\stylexphelper.exe
    + yukonwxp NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller Marvell c:\windows\system32\drivers\yk51x86.sys
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    + byxvstt File not found: byxvstt.dll
    + MacDrive-iTunes compatibility iTunes compatibility patch for using Mac-format iPods Mediafour Corporation c:\program files\common files\mediafour\macdriveitunespatch.dll
    + winhyo32 File not found: winhyo32.dll
    HKCU\Control Panel\Desktop\Scrnsave.exe
    + C:\WINDOWS\system32\ELECTR~1.SCR c:\windows\system32\electricsheep.scr
     
  2. 2007/04/20
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hello and welcome to WindowsBBS Forums, sorry for the delay in a reply.

    Download the Killbox from here and save it to the desktop.
    • Double-click the KillBox icon on your desktop to open it
    • Select "Delete on Reboot"
    • Then select "All files".
    Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\system32\caukdnbk.dll
    C:\WINDOWS\system32\qlsqemna.dll
    C:\WINDOWS\system32\sfhimcwn.dll
    C:\Windows\system32\winhyo32.dll
    C:\WINDOWS\system32\byxvstt.dll
    c:\windows\system32\xoupdika.dll


    Return to Killbox
    • Go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white [Delete File] button.
    • Click "Yes" at the Delete on Reboot prompt. Click "No" at the 'Pending Operations' prompt.


    Download FindAWF from here:
    http://noahdfear.geekstogo.com/FindAWF.exe

    Save the program to your desktop & run it.

    Post the log it produces please along with a new HJT log.
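
As an added example (not part of the original thread, and not the helper's own method), the Python below cross-references the six files on the KillBox list with entries from the first HijackThis log, showing which autostart point loads each file. The function names and the embedded log subset are constructed for illustration; the O2, O4 and O20 descriptions are the standard HijackThis section meanings.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Standard HijackThis section meanings for the codes that matter here.
SECTIONS = {
    "O2": "Browser Helper Object (loaded by Internet Explorer)",
    "O4": "Run key / Startup folder autostart",
    "O20": "AppInit_DLLs / Winlogon Notify",
}

# The file list from the reply above. Case differs between entries,
# so all matching below is case-insensitive and done on the file name.
REMOVAL_LIST = [
    r"C:\WINDOWS\system32\caukdnbk.dll",
    r"C:\WINDOWS\system32\qlsqemna.dll",
    r"C:\WINDOWS\system32\sfhimcwn.dll",
    r"C:\Windows\system32\winhyo32.dll",
    r"C:\WINDOWS\system32\byxvstt.dll",
    r"c:\windows\system32\xoupdika.dll",
]

# Constructed sample: a subset of lines taken from the first HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\caukdnbk.dll
O2 - BHO: (no name) - {AEEC912B-D860-4132-B849-7157A8A70708} - C:\WINDOWS\system32\qlsqemna.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\sfhimcwn.dll ",setvm
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\xoupdika.dll ",setvm
O20 - Winlogon Notify: byxvstt - byxvstt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhyo32 - winhyo32.dll (file missing)
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# rundll32 command line: optional quotes around the DLL, then ",ExportName".
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+?"?\s*,\s*(\w+)', re.IGNORECASE)


class Hit(NamedTuple):
    code: str                     # HijackThis section code, e.g. "O20"
    mechanism: str                # human-readable meaning of that section
    file_missing: bool            # HijackThis could not find the file on disk
    rundll_export: Optional[str]  # export invoked through rundll32, if any


def parse_entries(log_text):
    """Return (section code, body) for every HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def file_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path.strip()).strip().lower()


def cross_reference(removal_paths, log_text):
    """Map each file on the removal list to the log entries that load it."""
    entries = parse_entries(log_text)
    report = {}
    for path in removal_paths:
        name = file_name(path)
        # Match the file name as a whole token so "abc.dll" never hits "xabc.dll".
        token = re.compile(r"(?<![\w.])" + re.escape(name) + r"(?![\w.])",
                           re.IGNORECASE)
        hits = []
        for code, body in entries:
            if not token.search(body):
                continue
            export = RUNDLL_RE.search(body)
            hits.append(Hit(code,
                            SECTIONS.get(code, "other section"),
                            "(file missing)" in body,
                            export.group(1) if export else None))
        report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in cross_reference(REMOVAL_LIST, SAMPLE_LOG).items():
        if not hits:
            print(f"{name}: not referenced by any parsed entry")
        for hit in hits:
            extra = f", rundll32 export {hit.rundll_export}" if hit.rundll_export else ""
            missing = ", file missing" if hit.file_missing else ""
            print(f"{name}: {hit.code} {hit.mechanism}{extra}{missing}")
```

An entry flagged `file_missing` still leaves its registry value behind, so it keeps appearing in later scans until that value is removed as well.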
     


  4. 2007/04/20
    macsearcher

    macsearcher Inactive Thread Starter

    Joined:
    2007/04/10
    Messages:
    7
    Likes Received:
    0
    here ya go

    Here is the findAWF log and the HJT log. Thanks for your help on this
    Les

    bak folders found
    ~~~~~~~~~~~

    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~
    end of report

    Logfile of HijackThis v1.99.1
    Scan saved at 11:08:04 PM, on 4/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\hdsp32.exe
    C:\WINDOWS\system32\hdspmix.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: (no name) - {F5EA4EF2-D549-A89C-4B86-F75A663D12C4} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bxNewFolder - {51C8BCA8-2524-4523-BF09-738C4EEBFC58} - C:\PROGRA~1\BXNEWF~1\BXNEWF~1.DLL
    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\caukdnbk.dll (file missing)
    O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AEEC912B-D860-4132-B849-7157A8A70708} - C:\WINDOWS\system32\qlsqemna.dll (file missing)
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CDTrayPal] C:\Documents and Settings\les cooper\Desktop\CDTrayPal\cdtray.exe
    O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\xoupdika.dll ",setvm
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe "
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139431480029
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162924894500
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - (no CLSID) - (no file)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: byxvstt - byxvstt.dll (file missing)
    O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhyo32 - winhyo32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
     
  5. 2007/04/20
    macsearcher

    safe mode

    I am still not able to boot my computer into Safe mode.
     
  6. 2007/04/20
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, so no AWF it seems.

    Let's apply the safe mode fix tool.

    Download SafeBoot Key Repair from here.
    Save it to your desktop and run it, post the log when it is done.

    After that, let's fix what's left over.

    We will run KillBox again, inserting the following file:
    C:\WINDOWS\system32\xoupdika.dll

    Do not allow a reboot. Open HijackThis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have no IE windows, nor any other browsers, open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - URLSearchHook: (no name) - {F5EA4EF2-D549-A89C-4B86-F75A663D12C4} - (no file)


    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\caukdnbk.dll (file missing)

    O2 - BHO: (no name) - {AEEC912B-D860-4132-B849-7157A8A70708} - C:\WINDOWS\system32\qlsqemna.dll (file missing)


    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\xoupdika.dll",setvm


    O18 - Filter: text/html - (no CLSID) - (no file)


    O20 - AppInit_DLLs:


    O20 - Winlogon Notify: byxvstt - byxvstt.dll (file missing)

    O20 - Winlogon Notify: winhyo32 - winhyo32.dll (file missing)



    Reboot, then download ComboScan to your desktop.

    Close all applications and windows.
    • Double-click on comboscan.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - ComboScan.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt back into this thread for me to view.
    A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
    Please attach Supplementary.txt to your post.

    Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    At this point reboot the system, and post back another HJT log file along with the other two logs requested.
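
The triage the helper does by eye in the post above can be sketched as a script. This is an added example, not part of the original thread and not HijackThis's own logic: the rule set, the section filter and the names `classify` and `triage` are assumptions of the example, and the sample lines are copied from the logs and fix list in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the HijackThis logs and fix list in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {F5EA4EF2-D549-A89C-4B86-F75A663D12C4} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\caukdnbk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\xoupdika.dll",setvm
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: byxvstt - byxvstt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Assumption of this example: report orphans only in the sections the helper
# picked them from in this thread (O9 "file missing" entries were not selected).
ORPHAN_CODES = {"R3", "O2", "O18", "O20"}

# "<code> - <kind>: <value>"; lines without a colon (e.g. an R0 line with an
# empty value) do not match and are skipped.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+):\s*(?P<value>.*)$")
MISSING = re.compile(r"\((?:file missing|no file)\)\s*$")
# DLL argument of a rundll32 command line; tolerates optional quotes and a
# stray space before the closing quote.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)\s*"?,', re.IGNORECASE)


class Finding(NamedTuple):
    code: str      # HijackThis section code, e.g. "O20"
    verdict: str   # "orphaned", "empty" or "review"
    detail: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if no rule applies."""
    text = line.strip()
    m = ENTRY.match(text)
    if not m:
        return None
    code, kind, value = m["code"], m["kind"].strip(), m["value"].strip()

    # Registry entry still present, but the file it names is gone.
    if code in ORPHAN_CODES and MISSING.search(value):
        return Finding(code, "orphaned",
                       f"{kind} entry names a file that is not on disk", text)

    # AppInit_DLLs reported with nothing after the colon.
    if code == "O20" and kind == "AppInit_DLLs" and not value:
        return Finding(code, "empty", "AppInit_DLLs listed with no DLL name", text)

    # Autorun that loads a DLL through rundll32: a person has to vet the DLL,
    # because legitimate software (the NVIDIA entry here) uses the same pattern.
    if code == "O4":
        dll = RUNDLL.search(value)
        if dll:
            return Finding(code, "review",
                           f"autorun loads {dll['dll']} through rundll32", text)
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every line of a log and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:9} {f.code:4} {f.detail}")
```

The "review" verdict is deliberately not a removal decision: both the `PrintDrive` and `NvCplDaemon` autoruns match it, and only the first is on the helper's fix list.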
     
  7. 2007/04/21
    macsearcher

    two parts too long part A

    PART 1

    This is too long to post so it is in two parts

    Here is my ComboScan log followed by the addendum it gave me.
    I ran SafeBoot and it told me that my key was fine. Hmmm?
    I also got this message when I pressed repair on HijackThis:

    "An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: )
    Error #5 - Invalid procedure call or argument


    ComboScan v20070306.20 run by les cooper on 2007-04-20 at 22:08:23
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------
    HijackThis (run as les cooper.exe) ------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 10:08:47 PM, on 4/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hdsp32.exe
    C:\WINDOWS\system32\hdspmix.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\notepad.exe
    C:\Documents and Settings\les cooper\Desktop\comboscan.exe
    C:\PROGRA~1\HIJACK~1\LESCOO~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bxNewFolder - {51C8BCA8-2524-4523-BF09-738C4EEBFC58} - C:\PROGRA~1\BXNEWF~1\BXNEWF~1.DLL
    O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [CDTrayPal] C:\Documents and Settings\les cooper\Desktop\CDTrayPal\cdtray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139431480029
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162924894500
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe


    -- Files created between 2007-03-20 and 2007-04-20 -----------------------------

    2007-09-13 03:00:34 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
    2007-04-19 03:39:09 0 d-------- C:\Program Files\bxNewFolder<BXNEWF~1>
    2007-04-18 20:18:34 0 d-------- C:\Program Files\iPod
    2007-04-15 03:15:02 0 d-------- C:\Program Files\Veoh Networks<VEOHNE~1>
    2007-04-14 04:42:25 1936528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-04-14 04:42:24 135168 --a------ C:\WINDOWS\system32\DSKernel2.dll<DSKERN~1.DLL>
    2007-04-14 04:42:14 737280 --a------ C:\WINDOWS\iun6002.exe
    2007-04-14 04:41:51 0 d-------- C:\Program Files\Replay Converter<REPLAY~1>
    2007-04-14 00:43:51 0 d-------- C:\Documents and Settings\les cooper\Application Data\Uniblue
    2007-04-14 00:08:35 0 d-------- C:\Program Files\Panicware<PANICW~1>
    2007-04-14 00:07:35 0 d-------- C:\Program Files\Arcade!
    2007-04-13 07:33:06 0 d-------- C:\Documents and Settings\les cooper\Application Data\WebCompiler3<WEBCOM~1>
    2007-04-12 10:48:11 123972 --a------ C:\WINDOWS\system32\jfexcxjj.dll
    2007-04-12 00:43:57 0 d-------- C:\Program Files\Common Files\Java
    2007-04-11 18:24:07 123972 --a------ C:\WINDOWS\system32\odwvwgvq.dll
    2007-04-10 09:28:25 21312 --a------ C:\WINDOWS\choice.exe
    2007-04-10 09:25:47 0 d-------- C:\ie-spyad2<IE-SPY~1>
    2007-04-10 09:16:26 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
    2007-04-09 16:32:19 0 d-------- C:\Documents and Settings\les cooper\.housecall6.6<HOUSEC~1.6>
    2007-04-01 17:12:09 132116 --a------ C:\WINDOWS\system32\havhoptx.dll
    2007-04-01 17:11:47 132116 --a------ C:\WINDOWS\system32\leqnfciq.dll
    2007-03-24 19:39:59 0 d-------- C:\Program Files\Koloroo
    2007-03-22 12:10:31 0 d-------- C:\VundoFix Backups<VUNDOF~1>
    2007-03-22 12:06:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
    2007-03-22 10:14:35 0 d-------- C:\Documents and Settings\les cooper\Application Data\RegClean
    2007-03-22 10:14:31 0 d-------- C:\Program Files\RegClean
    2007-03-22 10:09:55 0 d-------- C:\Program Files\RegistryFix<REGIST~2>
    2007-03-21 19:42:03 0 d-------- C:\!KillBox
    2007-03-21 19:39:23 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-03-21 19:39:18 0 d-------- C:\Program Files\Grisoft
    2007-03-21 19:17:30 0 d-------- C:\Program Files\VSAdd-in
    2007-03-21 12:00:31 0 d-------- C:\Program Files\Ivy Video Converter<IVYVID~1>


    -- Find3M Report ---------------------------------------------------------------

    2007-04-20 22:06:42 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
    2007-04-18 21:51:38 0 d-------- C:\Program Files\Common Files\Real
    2007-04-18 21:51:17 0 d-------- C:\Documents and Settings\les cooper\Application Data\Real
    2007-04-18 20:18:46 0 d-------- C:\Program Files\iTunes
    2007-04-17 12:19:06 0 d-------- C:\Documents and Settings\les cooper\Application Data\Skype
    2007-04-15 21:06:37 0 d-------- C:\Documents and Settings\les cooper\Application Data\Azureus
    2007-04-15 03:15:41 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-04-14 20:43:43 0 d-------- C:\Program Files\TrojanHunter 4.6<TROJAN~1.6>
    2007-04-14 00:05:44 0 d-------- C:\Program Files\LimeWire
    2007-04-13 06:23:34 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3>
    2007-04-13 05:53:20 0 d-------- C:\Program Files\Hide Folders XP 2<HIDEFO~1>
    2007-04-12 01:00:24 0 d-------- C:\Program Files\Java
    2007-04-10 10:15:08 0 d-------- C:\Program Files\Opera
    2007-03-27 15:06:27 0 d-------- C:\Documents and Settings\les cooper\Application Data\dvdcss
    2007-03-22 18:13:04 0 d-------- C:\Program Files\SmartFTP Client 2.0<SMARTF~1.0>
    2007-03-22 11:39:25 0 d-------- C:\Program Files\eMule
    2007-03-22 11:21:39 0 d-------- C:\Program Files\LimeWire Download Accelerator Pro<LIMEWI~1>
    2007-03-22 10:22:44 0 d-------- C:\Program Files\Yahoo!
    2007-03-21 22:46:58 0 d-------- C:\Program Files\NewsLeecher<NEWSLE~1>
    2007-03-21 22:45:32 0 d-------- C:\Program Files\FSW FLVPlayer<FSWFLV~1>
    2007-03-21 22:13:18 0 d--hs---- C:\Program Files\outlook
    2007-03-21 19:05:29 0 d---s---- C:\Documents and Settings\les cooper\Application Data\Microsoft<MICROS~1>
    2007-03-17 09:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-14 09:19:56 0 d-------- C:\Program Files\Kingdia Software<KINGDI~1>
    2007-03-09 03:12:32 27648 --ahs---- C:\WINDOWS\system32\AVSredirect.dll<AVSRED~1.DLL>
    2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
    2007-03-07 14:25:24 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
    2007-03-06 05:13:09 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-03-04 22:45:28 0 d-------- C:\Program Files\Real
    2007-03-04 07:55:40 719872 --a------ C:\WINDOWS\system32\devil.dll
    2007-03-04 07:55:31 308224 --a------ C:\WINDOWS\system32\avisynth.dll
    2007-03-03 21:04:02 0 d-------- C:\Program Files\FirstClass<FIRSTC~1>
    2007-03-01 12:46:48 0 d-------- C:\Program Files\Red Chair Software<REDCHA~1>
    2007-03-01 12:46:48 0 d-------- C:\Documents and Settings\les cooper\Application Data\Red Chair Software<REDCHA~1>
    2007-03-01 10:18:15 8464 --a------ C:\WINDOWS\system32\sporder.dll
    2007-02-26 13:48:58 0 d-------- C:\Program Files\Feed Mix<FEEDMI~1>
    2007-02-22 20:07:36 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1>
    2007-02-22 20:06:11 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
    2007-02-21 23:34:31 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
    2007-02-05 16:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll
    2007-02-02 10:34:46 20536 --a------ C:\Documents and Settings\les cooper\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
    2007-01-29 04:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


    -- Registry Dump ---------------------------------------------------------------


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "HDSPTray1"="hdsp32.exe"
    "HDSPTray2"="hdspmix.exe"
    "MediafourGettingStartedWithMacDrive6"="\"C:\\Program Files\\Mediafour\\MacDrive\\MacDrive.exe\" /runonce"
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
    "nwiz"="nwiz.exe /install"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "CDTrayPal"="C:\\Documents and Settings\\les cooper\\Desktop\\CDTrayPal\\cdtray.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE"
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GammaTray.lnk"
    "backup"="C:\\WINDOWS\\pss\\GammaTray.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MAGICT~1\\GAMMAT~1.EXE"
    "item"="GammaTray"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech SetPoint.lnk"
    "backup"="C:\\WINDOWS\\pss\\Logitech SetPoint.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Logitech\\SetPoint\\SetPoint.exe"
    "item"="Logitech SetPoint"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NaturalColorLoad.lnk"
    "backup"="C:\\WINDOWS\\pss\\NaturalColorLoad.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\SEC\\NATURA~1\\NATURA~1.EXE"
    "item"="NaturalColorLoad"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Run Google Web Accelerator.lnk"
    "backup"="C:\\WINDOWS\\pss\\Run Google Web Accelerator.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Google\\WEBACC~1\\GOOGLE~2.EXE"
    "item"="Run Google Web Accelerator"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\TabUserW.exe.lnk"
    "backup"="C:\\WINDOWS\\pss\\TabUserW.exe.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\WINDOWS\\system32\\WTablet\\TabUserW.exe"
    "item"="TabUserW.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^les cooper^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    "path"="C:\\Documents and Settings\\les cooper\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE"
    "item"="Adobe Gamma"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^les cooper^Start Menu^Programs^Startup^Anapod Manager.lnk]
    "path"="C:\\Documents and Settings\\les cooper\\Start Menu\\Programs\\Startup\\Anapod Manager.lnk"
    "backup"="C:\\WINDOWS\\pss\\Anapod Manager.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\REDCHA~1\\ANAPOD~1\\anamgr.exe"
    "item"="Anapod Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^les cooper^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
    "path"="C:\\Documents and Settings\\les cooper\\Start Menu\\Programs\\Startup\\Yahoo! Widget Engine.lnk"
    "backup"="C:\\WINDOWS\\pss\\Yahoo! Widget Engine.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\Yahoo!\\YAHOO!~1\\YAHOOW~1.EXE"
    "item"="Yahoo! Widget Engine"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ALCMTR"
    "hkey"="HKLM"
    "command"="ALCMTR.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avgcc"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avgnt"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NMBgMonitor"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CAVTray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVTray.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="caissdt"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CAVRID"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVRID.exe\""
    "inimapping"="0"
     
  8. 2007/04/21
    macsearcher

    Two parts Part B (part A see above)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="taskswitch"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\taskswitch.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Crtt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="userinit"
    "hkey"="HKCU"
    "command"="\"C:\\PROGRA~1\\MANTEC~1\\userinit.exe\" -vt ndrv"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.1]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PrintScreen"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe /nosplash"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="wcescomm"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cledx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\SyncroSoft\\Pos\\H2O\\cledx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hpztsb04"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hphmon03"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\hphmon03.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ISUSPM"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="issch"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="KHALMNPR"
    "hkey"="HKLM"
    "command"="KHALMNPR.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Language"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="KHALMNPR"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Logitech\\khalshared\\KHALMNPR.EXE\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDDiskProtect.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MDDiskProtect"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Mediafour\\MacDrive\\MDDiskProtect.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MACVNTFY"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Mediafour\\MACVNTFY.EXE\" /auto"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvCpl"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item "= "NvMcTray "
    "hkey "= "HKLM "
    "command "= "RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "nwiz "
    "hkey "= "HKLM "
    "command "= "nwiz.exe /install "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "outlook "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\outlook\\outlook.exe /auto "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pdmajbtv]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "?hkdsk "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Common Files\\s?stem\\?hkdsk.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "PicasaMediaDetector "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDrive]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "xoupdika "
    "hkey "= "HKLM "
    "command "= "rundll32.exe \ "C:\\WINDOWS\\system32\\xoupdika.dll\ ",setvm "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "qttask "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "PDVDServ "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "RTHDCPL "
    "hkey "= "HKLM "
    "command "= "RTHDCPL.EXE "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Skype "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "sfhimcwn "
    "hkey "= "HKLM "
    "command "= "rundll32.exe \ "C:\\WINDOWS\\system32\\sfhimcwn.dll\ ",setvm "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyFalcon]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "SpyFalcon "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\SpyFalcon\\SpyFalcon.exe /h "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jusched "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Res "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\USBToolbox\\Res.EXE "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "VeohClient "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MSASCui "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AntiVirService "=dword:00000002
    "AntiVirScheduler "=dword:00000002
    "SandraTheSrv "=dword:00000003
    "SandraDataSrv "=dword:00000003


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "= "Microsoft AntiMalware ShellExecuteHook "
    "{28CEA1DA-2199-4AEE-BA75-9032C8450B66} "=" "
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "= "AVG Anti-Spyware 7.5 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj "= "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Norton SystemWorks "= "\ "C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz "
    "DWQueuedReporting "= "\ "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t "

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "Norton SystemWorks "= "\ "C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz "
    "DWQueuedReporting "= "\ "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=dword:00000000
    "NoDispAppearancePage "=dword:00000000
    "NoColorChoice "=dword:00000000
    "NoSizeChoice "=dword:00000000
    "NoDispBackgroundPage "=dword:00000000
    "NoDispScrSavPage "=dword:00000000
    "NoDispCPL "=dword:00000000
    "NoVisualStyleChoice "=dword:00000000
    "NoDispSettingsPage "=dword:00000000
    "NoSecCpl "=dword:00000000
    "DisableChangePassword "=dword:00000000
    "DisableLockWorkstation "=dword:00000000
    "DisableRegistryTools "=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktopChanges "=dword:00000000
    "NoCDBurning "=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive "=dword:00000000
    "NoActiveDesktop "=dword:00000000
    "NoSaveSettings "=dword:00000000
    "NoThemesTab "=dword:00000000
    "ForceActiveDesktopOn "=dword:00000000
    "NoPrinterTabs "=dword:00000000
    "NoDeletePrinter "=dword:00000000
    "NoAddPrinter "=dword:00000000
    "NoPrinters "=dword:00000000
    "NoNetworkConnections "=dword:00000000
    "NoFavoritesMenu "=dword:00000000
    "NoRun "=dword:00000000
    "NoFind "=dword:00000000
    "NoClose "=dword:00000000
    "NoCommonGroups "=dword:00000000
    "NoSetFolders "=dword:00000000
    "NoSMHelp "=dword:00000000
    "NoChangeStartMenu "=dword:00000000
    "NoViewContextMenu "=dword:00000000
    "NoFileMenu "=dword:00000000
    "NoShellSearchButton "=dword:00000000
    "NoToolbarCustomize "=dword:00000000
    "NoRecentDocsNetHood "=dword:00000000
    "NoChangeAnimation "=dword:00000000
    "NoChangeKeyboardNavigationIndicators "=dword:00000000
    "NoDesktop "=dword:00000000
    "HideClock "=dword:00000000
    "NoManageMyComputerVerb "=dword:00000000
    "NoLowDiskSpaceChecks "=dword:00000000
    "NoCDBurning "=dword:00000000
    "NoStartMenuPinnedList "=dword:00000000
    "NoStartMenuMFUprogramsList "=dword:00000000
    "NoUserNameInStartMenu "=dword:00000000
    "StartmenuLogoff "=dword:00000000
    "NoStartMenuSubFolders "=dword:00000000
    "NoRecentDocsMenu "=dword:00000000
    "ClearRecentDocsOnExit "=dword:00000000

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "= "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
     
  9. 2007/04/22
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    That is a common error with HJT when trying to delete 020 entries, so no worries there.

    Few more files to kill with Killbox.

    Is safe mode available yet?

    Using KillBox, as instructed previously, insert the following files for deletion:
    C:\WINDOWS\system32\ltmm15.dll
    C:\WINDOWS\system32\jfexcxjj.dll
    C:\WINDOWS\system32\odwvwgvq.dll
    C:\WINDOWS\system32\havhoptx.dll
    C:\WINDOWS\system32\leqnfciq.dll


    Reboot, then I'd like to run another file tool.

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
