
Explorer.exe won't run, Malwarebytes won't run



Hi,

I am experiencing similar problems to those some other users have posted. My current situation is that Task Manager will run and I seem to be able to launch most applications except Explorer.

I was following an earlier post about Malwarebytes getting stuck on c:\windows\system32\zipfldr.dll. I ran through as much as I could, and after Combo-Fix ran I was able to see my taskbar, etc. I was then able to run Malwarebytes and did a full scan. It found about 20 items, which I then had it clean.

Then I rebooted, and I am back to where I was before I ran Combo-Fix. So, I thought I might run it again, and it now gives me an error that says ComboFix cannot be renamed Combo-Fix. I figure I can either remove the original log or try another name, but thought better of it and decided to ask for help, as I seem to be going in circles. Malwarebytes took about 11 hours to run the first time.

Logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:05:03 PM, on 8/13/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\procexp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\trend micro\findem.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Default user')

O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe

O4 - Startup: WASTE.lnk = C:\Program Files\WASTE\WASTE.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.0.253/JpegInst.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228921806406

O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://bn-sav01.nuance.com/webinstall/webinst.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wbs27beta.webex.com/client/T27L/training/ieatgpc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} (pmpeg4cam Class) - http://192.168.0.253/MpegInst.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Nuance Watcher Daemon - Unknown owner - C:\Program Files\Nuance\Common\core-services\bin\watcher-daemon-win32-service.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--

End of file - 9497 bytes

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"" [MS]

"Google Update" = ""C:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]

"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]

"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]

"CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]

"itype" = ""c:\Program Files\Microsoft IntelliType Pro\itype.exe"" [MS]

"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\ipoint.exe"" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"dvd43" = "C:\Program Files\dvd43\dvd43_tray.exe" [empty string]

"MP10_EnsureFileVer" = "C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions" [MS]

"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

"BlackBerryAutoUpdate" = "C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background" ["Research In Motion Limited"]

"LogitechQuickCamRibbon" = ""C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide" ["Logitech Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"

\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll" ["Google Inc."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"

-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

-> {HKLM...CLSID} = "Display Panning CPL Extension"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{51EEE242-AD87-11d3-9C1E-0090278BBD99}" = "Vim Shell Extension"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Vim\vim70\gvimext.dll" ["Tianmiao Hu's Developer Studio"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"

-> {HKLM...CLSID} = "ImageExtractorShellExt Class"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]

"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"

-> {HKLM...CLSID} = "CInfoTipShellExt Class"

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]

"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"

-> {HKLM...CLSID} = "My Bluetooth Places"

\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"

-> {HKLM...CLSID} = "VpshellEx Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]

"{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71}" = "IntelliType Pro Touchpad Control Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Touchpad Control Property Page"

\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcpltp.dll"" [MS]

"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"

\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]

"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"

\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]

"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"

\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]

"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"

\InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]

"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"

-> {HKLM...CLSID} = "Wireless Property Page"

\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]

"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"

-> {HKLM...CLSID} = "Wheel Property Page"

\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]

"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"

-> {HKLM...CLSID} = "Activities Property Page"

\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]

"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"

-> {HKLM...CLSID} = "Buttons Property Page"

\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]

"{6D0E6651-1CD8-11d6-92C4-0003479E4848}" = "NVIDIA NT4 Multimon Control Panel Extension"

-> {HKLM...CLSID} = "NVIDIA NT4 Multimon Control Panel Extension"

\InProcServer32\(Default) = "nvnt4cpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{30351348-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

"{30351347-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

"{3035134A-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

"{3035134C-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

"{30351346-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

"{30351349-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

"{3035134B-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

"{3035134D-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

"{3035134E-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

"{3035134F-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

"{30351350-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

"{C5994560-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"]

"{C5994561-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"]

"{C5994562-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"]

"{C5994563-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"]

"{C5994564-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"]

"{C5994565-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"]

"{C5994566-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"]

"{C5994567-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"]

"{C5994568-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"]

"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"

-> {HKLM...CLSID} = "Mobile Device"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Wcesview.dll" [MS]

"{7D5C4BDD-B015-4401-8731-1507B87DE297}" = "QBVersionTool"

-> {HKLM...CLSID} = "VersionShellExt Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll" ["Intuit Inc."]

"{34F4B935-17DC-4885-8BC9-CCD1ADF42F93}" = "Record ISO Image to CD"

-> {HKLM...CLSID} = "CISORecorderContextMenu Object"

\InProcServer32\(Default) = "C:\Program Files\ISO Recorder\ISORecorder.dll" ["Alex Feinman"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)

-> {HKLM...CLSID} = "SABShellExecuteHook Class"

\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\

<<!>> "Debugger" = ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\vs7jit.exe" -p %ld -e %ld" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

<<!>> NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{30351349-7B7D-4FCC-81B4-1E394CA267EB}\(Default) = (no title provided)

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

EDPShell\(Default) = "{58549232-7081-4541-882C-767DB238453C}"

-> {HKLM...CLSID} = "EDPShellExtObj Class"

\InProcServer32\(Default) = "C:\Program Files\ExamDiff Pro\EDPShell.dll" ["PrestoSoft"]

gvim\(Default) = "{51EEE242-AD87-11d3-9C1E-0090278BBD99}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Vim\vim70\gvimext.dll" ["Tianmiao Hu's Developer Studio"]

LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"

-> {HKLM...CLSID} = "VpshellEx Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]

TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Create ISO Image from directory\(Default) = "{34F4B935-17DC-4885-8BC9-CCD1ADF42F93}"

-> {HKLM...CLSID} = "CISORecorderContextMenu Object"

\InProcServer32\(Default) = "C:\Program Files\ISO Recorder\ISORecorder.dll" ["Alex Feinman"]

EDPShell\(Default) = "{58549232-7081-4541-882C-767DB238453C}"

-> {HKLM...CLSID} = "EDPShellExtObj Class"

\InProcServer32\(Default) = "C:\Program Files\ExamDiff Pro\EDPShell.dll" ["PrestoSoft"]

LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"

-> {HKLM...CLSID} = "VpshellEx Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"

-> {HKLM...CLSID} = "TortoiseSVN"

\InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Disable the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

DVDDecrypterPlayDVDMovieOnArrival\

"Provider" = "DVD Decrypter"

"InvokeProgID" = "DVDDecrypter"

"InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt"

HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""C:\Program Files\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"]

EZPixAutoplay\

"Provider" = "EZ-Pix"

"InvokeProgID" = "EZPix.Autoplay"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\EZPix.Autoplay\shell\open\command\(Default) = ""C:\Program Files\EZ-Pix\ezpix.exe" "/CAM:%1"" [file not found]

iTunesBurnCDOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.BurnCD"

"InvokeVerb" = "burn"

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ImportSongsOnCD"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.PlaySongsOnCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ShowSongsOnCD"

"InvokeVerb" = "showsongs"

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSWPDShellNamespaceHandler\

"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = " "

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

PDVDPlayDVDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" MOVIE "%L"" ["CyberLink Corp."]

RhapsodyCDBurningOnArrival\

"Provider" = "Rhapsody"

"InvokeProgID" = "Rhapsody.CDBurn.3"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Rhapsody.CDBurn.3\shell\open\command\(Default) = "C:\PROGRA~1\VCASTM~1\\rhapsody.exe /burn "%1"" ["RealNetworks, Inc."]

RhapsodyDeviceOnArrival\

"Provider" = "Rhapsody"

"ProgID" = "Rhapsody.HWEventHandler"

HKLM\SOFTWARE\Classes\Rhapsody.HWEventHandler\CLSID\(Default) = "{5717E2AC-8A5C-47b7-BFE5-50BAD65AB904}"

-> {HKLM...CLSID} = "Rhapsody Helper"

\LocalServer32\(Default) = ""C:\PROGRA~1\VCASTM~1\rhaphlpr.exe"" ["RealNetworks, Inc."]

RhapsodyMusicDevice\

"Provider" = "Rhapsody"

"InvokeProgID" = "Rhapsody.MusicDevice.3"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Rhapsody.MusicDevice.3\shell\open\command\(Default) = "C:\PROGRA~1\VCASTM~1\\rhapsody.exe /device: "%1"" ["RealNetworks, Inc."]

RhapsodyPlayCDAudioOnArrival\

"Provider" = "Rhapsody"

"InvokeProgID" = "Rhapsody.AudioCD.3"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\Rhapsody.AudioCD.3\shell\play\command\(Default) = "C:\PROGRA~1\VCASTM~1\\rhapsody.exe /play "%1"" ["RealNetworks, Inc."]

RhapsodyRipCDAudioOnArrival\

"Provider" = "Rhapsody"

"InvokeProgID" = "Rhapsody.AudioCDRip.3"

"InvokeVerb" = "rip"

HKLM\SOFTWARE\Classes\Rhapsody.AudioCDRip.3\shell\rip\command\(Default) = "C:\PROGRA~1\VCASTM~1\\rhapsody.exe /rip "%1"" ["RealNetworks, Inc."]

VLCPlayCDAudioOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.CDAudio"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]

VLCPlayDVDMovieOnArrival\

"Provider" = "VideoLAN VLC media player"

"InvokeProgID" = "VLC.DVDMovie"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]

WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\

"Provider" = "Winamp"

"InvokeProgID" = "Winamp.File"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

Startup items in "Stephen" & "All Users" startup folders:

---------------------------------------------------------

C:\Documents and Settings\Stephen\Start Menu\Programs\Startup

"Password Safe" -> shortcut to: "C:\Program Files\Password Safe\pwsafe.exe -s" ["SourceForge.net"]

"WASTE" -> shortcut to: "C:\Program Files\WASTE\WASTE.exe" ["GNU"]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"APC UPS Status" -> shortcut to: "C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe" ["American Power Conversion Corporation"]

"Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]

"QuickBooks Update Agent" -> shortcut to: "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe" ["Intuit Inc."]

"VPN Client" -> shortcut to: "C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico -user_logon" [null data]

Enabled Scheduled Tasks:

------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

"Google Software Updater" -> launches: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start" ["Google"]

"GoogleUpdateTaskUserS-1-5-21-1202660629-1606980848-725345543-1003Core" -> launches: "C:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]

"GoogleUpdateTaskUserS-1-5-21-1202660629-1606980848-725345543-1003UA" -> launches: "C:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 29

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"

-> {HKLM...CLSID} = "&Links"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

"ButtonText" = "Create Mobile Favorite"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

"MenuText" = "Create Mobile Favorite..."

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

{CCA281CA-C863-46EF-9331-5C8D4460577F}\

"ButtonText" = "@btrez.dll,-4015"

"MenuText" = "@btrez.dll,-4017"

"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

APC UPS Service, APC UPS Service, "C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe" ["American Power Conversion Corporation"]

Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]

Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}

BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"]

Cisco Systems, Inc. VPN Service, CVPND, ""C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"" ["Cisco Systems, Inc."]

Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Process Monitor, LVPrcSrv, ""C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"" ["Logitech Inc."]

Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation."]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

Microsoft Office Live Meeting Document Writer Monitor\Driver = "lmdimon.dll" [MS]

SmarThru PC Fax Port\Driver = "SamFaxPort.dll" ["Samsung Software Center, Moscow"]

SUGW2 Langmon\Driver = "SUGW2LMK.DLL" ["Samsung Electronics."]

---------- (launch time: 2009-08-13 19:47:19)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 58 seconds, including 10 seconds for message boxes)


Welcome to Malwarebytes!!!! ;)

Please delete your current copy of ComboFix because it gets updated often.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1

Link 2

Link 3


--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


ComboFix 09-08-10.06 - Stephen 08/14/2009 15:09.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2350 [GMT -4:00]

Running from: c:\downloads\cf.exe

Command switches used :: cf

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))

.

2009-08-13 22:27 . 2009-08-13 22:27 -------- d-----w- c:\program files\ERUNT

2009-08-13 04:09 . 2009-08-13 04:50 -------- d-s---w- C:\Combo-Fix

2009-08-13 01:31 . 2009-08-14 15:44 -------- d-----w- c:\program files\trend micro

2009-08-13 01:31 . 2009-08-13 01:31 -------- d-----w- C:\rsit

2009-08-12 22:49 . 2009-08-12 22:49 -------- d-----w- c:\documents and settings\Stephen\Application Data\Malwarebytes

2009-08-12 22:49 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-12 22:49 . 2009-08-12 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-12 22:49 . 2009-08-12 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-12 22:49 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-30 17:29 . 2009-07-30 17:29 -------- d-----w- C:\SVNRepository

2009-07-24 22:48 . 2009-08-14 12:37 117760 ----a-w- c:\documents and settings\Stephen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-07-24 22:47 . 2009-07-24 22:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-07-24 22:34 . 2009-07-25 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\11791714

2009-07-21 00:42 . 2009-07-21 00:43 1914000 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2009-07-21 00:31 . 2009-07-25 00:25 -------- d-----w- c:\program files\NOS

2009-07-21 00:31 . 2009-07-25 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-07-19 02:06 . 2009-08-03 16:06 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\Temp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-14 17:51 . 2008-05-21 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-08-14 17:39 . 2007-11-19 20:11 -------- d-----w- c:\program files\Password Safe

2009-08-14 04:23 . 2008-12-30 20:08 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-10 01:38 . 2007-08-06 14:12 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-07-24 22:47 . 2008-12-30 20:08 -------- d-----w- c:\documents and settings\Stephen\Application Data\SUPERAntiSpyware.com

2009-07-18 15:59 . 2007-09-11 22:37 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-07-18 15:58 . 2008-03-04 20:18 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2009-07-09 15:21 . 2009-07-09 15:21 -------- d-----w- c:\program files\Netgear WGPS606

2009-07-09 00:30 . 2009-02-16 18:08 -------- d-----w- c:\program files\eclipse

2009-07-08 23:55 . 2009-07-08 23:55 -------- d-----w- c:\program files\eclipse-galileo

2009-07-08 15:13 . 2008-03-04 20:09 -------- d-----w- c:\program files\Common Files\LogiShrd

2009-07-08 15:05 . 2007-09-11 22:31 -------- d-----w- c:\program files\Logitech

2009-07-08 15:05 . 2008-03-04 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd

2009-07-08 14:59 . 2007-09-11 22:31 -------- d-----w- c:\program files\Common Files\Logitech

2009-07-01 14:31 . 2009-07-01 13:35 256 ----a-w- c:\windows\system32\pool.bin

2009-06-29 13:16 . 2009-06-26 19:56 -------- d-----w- c:\program files\Common Files\Research In Motion

2009-06-29 13:03 . 2009-06-29 13:03 -------- d-----w- c:\documents and settings\Stephen\Application Data\Research In Motion

2009-06-26 19:56 . 2009-06-26 19:56 -------- d-----w- c:\program files\Research In Motion

2009-06-24 15:08 . 2007-12-26 16:57 -------- d-----w- c:\documents and settings\Stephen\Application Data\Apple Computer

2009-06-24 13:33 . 2007-12-26 16:55 -------- d-----w- c:\program files\Apple Software Update

2009-06-23 23:43 . 2009-06-23 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-06-23 23:43 . 2007-12-26 16:56 -------- d-----w- c:\program files\iTunes

2009-06-23 23:42 . 2009-06-23 23:42 -------- d-----w- c:\program files\iPod

2009-06-23 23:42 . 2007-12-26 16:54 -------- d-----w- c:\program files\Common Files\Apple

2009-06-23 23:41 . 2009-06-23 23:41 -------- d-----w- c:\program files\Bonjour

2009-06-23 23:40 . 2009-06-23 23:39 -------- d-----w- c:\program files\QuickTime

2009-06-23 23:36 . 2007-12-26 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-06-23 23:33 . 2009-06-23 23:33 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-06-23 23:28 . 2009-03-12 13:57 -------- d-----w- c:\program files\Aniosoft iBackup Suite

2009-06-15 23:10 . 2009-06-15 23:04 -------- d-----w- c:\documents and settings\Stephen\Application Data\gnupg

2009-06-15 22:55 . 2009-06-15 22:55 -------- d-----w- c:\program files\GNU

2009-06-05 15:42 . 2009-06-23 23:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-06-05 15:42 . 2007-12-26 16:54 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-08-13_01.14.16 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-14 19:43 . 2009-08-14 19:43 16384 c:\windows\Temp\Perflib_Perfdata_5c8.dat

- 2009-07-24 22:47 . 2009-07-24 22:47 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2009-07-24 22:47 . 2009-08-13 01:35 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

- 2009-07-24 22:47 . 2009-07-24 22:47 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2009-07-24 22:47 . 2009-08-13 01:35 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2009-08-14 14:14 . 2009-08-14 14:14 299008 c:\windows\ERDNT\8-14-2009\Users\00000002\UsrClass.dat

+ 2009-08-14 14:14 . 2005-10-20 16:02 163328 c:\windows\ERDNT\8-14-2009\ERDNT.EXE

+ 2009-08-13 22:27 . 2009-08-13 22:27 299008 c:\windows\ERDNT\8-13-2009\Users\00000002\UsrClass.dat

+ 2009-08-13 22:27 . 2005-10-20 16:02 163328 c:\windows\ERDNT\8-13-2009\ERDNT.EXE

+ 2009-08-14 14:14 . 2009-08-14 14:14 11579392 c:\windows\ERDNT\8-14-2009\Users\00000001\NTUSER.DAT

+ 2009-08-13 22:27 . 2009-08-13 22:27 11579392 c:\windows\ERDNT\8-13-2009\Users\00000001\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]

"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2007-11-20 731136]

"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-13 148888]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-06-05 615696]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-13 13684736]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

c:\documents and settings\Stephen\Start Menu\Programs\Startup\

Password Safe.lnk - c:\program files\Password Safe\pwsafe.exe [2007-9-2 1241088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-5 98304]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-5 98304]

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-8-6 221247]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-7-22 577597]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\downloads\\NetTalk\\NetTalk.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [5/5/2009 4:35 PM 100944]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [5/5/2009 4:34 PM 41424]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/20/2008 10:49 AM 99376]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [4/27/2009 8:39 PM 87696]

S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [3/10/2009 10:44 AM 68096]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/12/2009 6:49 PM 38160]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [5/5/2009 4:35 PM 79888]

S3 VICAMUSB;3Com HomeConnect USB Camera;c:\windows\system32\drivers\vicamusb.sys --> c:\windows\system32\drivers\vicamusb.sys [?]

S4 Nuance Watcher Daemon;Nuance Watcher Daemon;c:\program files\Nuance\Common\core-services\bin\watcher-daemon-win32-service.exe [8/10/2007 2:20 PM 360448]

S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]

.

Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-08-14 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-21 18:49]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1606980848-725345543-1003Core.job

- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-08 23:31]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1606980848-725345543-1003UA.job

- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-08 23:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

FF - ProfilePath - c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\hc32xax2.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - plugin: c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-14 15:48

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\BRSS01A.EXE

c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-08-14 16:01 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-14 20:00

ComboFix2.txt 2009-08-13 01:22

Pre-Run: 137,451,253,760 bytes free

Post-Run: 137,446,252,544 bytes free


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:18:13 PM, on 8/14/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\procexp.exe

C:\Program Files\trend micro\findem.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Default user')

O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--

End of file - 5058 bytes

Thanks for the help!!


Hi,

No, explorer still will not launch. If I attempt to save a file to a folder other than the current dir, Notepad locks up.

I still have excessively long boot times, and the wait after login until I can do something is very long (> 15 mins).

Also, I have had explorer running; it just seems that if a reboot happens, like this time when I ran the fix download, it appeared to reboot during the process, and when I logged in again it finished writing the log that I posted previously.

I appreciate the assistance.


Please go to Start ----> Run ---> type sigverif and press Enter. Click on the Advanced button, make sure Overwrite existing log is checked. Click on Start and post the log in your next reply. Thanks

8 Unsigned, zip of SIGVERIF.TXT attached.

Thanks for the help


Copy the following into Notepad

@echo off
rem Clear the screen and remove any log left over from a previous run
cls
if exist log.txt del log.txt
rem List every explorer.exe under the Windows directory (recursive) into log.txt
dir "%systemroot%\explorer.exe" /s > log.txt
rem Open the result in Notepad, then delete this batch file itself
notepad log.txt
del %0

Save it as look.bat, with the file type set to All. Save it to your desktop.

In your next reply, please post the log from the batch file. Thanks



Ok, I've been able to run Malwarebytes' Anti-Malware and SUPERAntiSpyware, both with quick and deep scans. What I see is very long boot times, that is until I get the Windows login screen, and then again after login until explorer shows my desktop. While I am waiting for explorer to show the desktop I can press Ctrl+Alt+Del and launch Task Manager. These wait times are maybe 10 minutes or more. This PC used to boot in less than a minute.

Here is the log.

Volume in drive C has no label.

Volume Serial Number is C01F-B1D3

Directory of C:\WINDOWS

04/13/2008 08:12 PM 1,033,728 explorer.exe

1 File(s) 1,033,728 bytes

Directory of C:\WINDOWS\$hf_mig$\KB938828\SP2QFE

06/13/2007 07:26 AM 1,033,216 explorer.exe

1 File(s) 1,033,216 bytes

Directory of C:\WINDOWS\$NtServicePackUninstall$

06/13/2007 06:23 AM 1,033,216 explorer.exe

1 File(s) 1,033,216 bytes

Directory of C:\WINDOWS\$NtUninstallKB938828$

08/04/2004 06:00 AM 1,032,192 explorer.exe

1 File(s) 1,032,192 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 1,033,728 explorer.exe

1 File(s) 1,033,728 bytes

Directory of C:\WINDOWS\system32\dllcache\cache

04/13/2008 08:12 PM 1,033,728 explorer.exe

1 File(s) 1,033,728 bytes

Total Files Listed:

6 File(s) 6,199,808 bytes

0 Dir(s) 137,388,433,408 bytes free

I appreciate your help.

I'm going to run Windows Update and then run Malwarebytes and SUPERAntiSpyware again.

I'll update the thread then.

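As an added example (not code from the thread or from the helper), a small Python parser for the dir /s log posted above that checks whether the live C:\WINDOWS\explorer.exe matches the reference copies Windows keeps in ServicePackFiles\i386 and system32\dllcache. The sample log is constructed from the one in the thread; a size/timestamp match is only a first indicator and a hash comparison (or sfc /scannow) is still needed before trusting the binary.

```python
"""Added example: verify the live explorer.exe against Windows' reference copies
by parsing the output of the helper's look.bat (dir "%systemroot%\\explorer.exe" /s).
The log below is constructed from the one posted in the thread."""
import re

SAMPLE_LOG = """\
 Volume in drive C has no label.
 Directory of C:\\WINDOWS
04/13/2008  08:12 PM         1,033,728 explorer.exe
 Directory of C:\\WINDOWS\\$NtUninstallKB938828$
08/04/2004  06:00 AM         1,032,192 explorer.exe
 Directory of C:\\WINDOWS\\ServicePackFiles\\i386
04/13/2008  08:12 PM         1,033,728 explorer.exe
 Directory of C:\\WINDOWS\\system32\\dllcache\\cache
04/13/2008  08:12 PM         1,033,728 explorer.exe
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
FILE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+([\d,]+)\s+(\S+)\s*$")

# Directories whose explorer.exe Windows itself uses as the pristine copy.
KNOWN_GOOD = ("ServicePackFiles\\i386", "system32\\dllcache")


def parse_dir_log(text):
    """Return {full_path: (date, time, size_bytes)} for every file line in a dir /s log."""
    entries, current = {}, None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1).rstrip("\\")
            continue
        m = FILE_RE.match(line)
        if m and current:
            date, time, size, name = m.groups()
            entries[current + "\\" + name] = (date, time, int(size.replace(",", "")))
    return entries


def check_live_copy(entries, live="C:\\WINDOWS\\explorer.exe"):
    """Compare the live binary to each known-good copy; returns (ok, list_of_mismatches)."""
    if live not in entries:
        return False, ["live copy %s not found in log" % live]
    refs = [(p, meta) for p, meta in entries.items()
            if any(k.lower() in p.lower() for k in KNOWN_GOOD)]
    if not refs:
        return False, ["no reference copies found in log"]
    bad = ["%s: %s vs live %s" % (p, meta, entries[live]) for p, meta in refs if meta != entries[live]]
    return not bad, bad


if __name__ == "__main__":
    print(check_live_copy(parse_dir_log(SAMPLE_LOG)))  # (True, [])
```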
