
View Full Version : crap in autorun


Drone
30-06-08, 21:41
It's called hgfudhey.dll and it uses rundll32.exe.
It's located in the win/sys32 folder. What do I have to do?

Thanks

tlr online
30-06-08, 21:44
By autorun, do you mean your Windows start-up services or when you put a CD/DVD in the tray?

Also, are you using CCleaner to view your start-up entries by any chance? If so, which version, because this is a MONSTER bug in the latest one on some Vista machines.

Drone
30-06-08, 22:06
Aah, my bad, by autorun I mean Windows start-up services. Yes, I do use CCleaner. Is everything OK there? Thank you very much in advance.

http://i29.************/nwn4eg.gif

tlr online
30-06-08, 22:11
Download CCleaner 2.07.575 and install that. I had exactly the same problem you are having (diff. file names tho) and I contacted CCleaner. And they didn't give a ****. Just sent me to their forum. But I bet that's what the problem is.

http://www.filehippo.com/download_ccleaner/4083/

tlr online
30-06-08, 22:13
^ btw you have a ton of crap in your start-up keys. You don't need half that stuff, and it all slows down your PC.

Drone
30-06-08, 22:19
Download CCleaner 2.07.575 and install that. I had exactly the same problem you are having (diff. file names tho) and I contacted CCleaner. And they didn't give a ****. Just sent me to their forum. But I bet that's what the problem is.

http://www.filehippo.com/download_ccleaner/4083/

ah so I need to downgrade it?

^ btw you have a ton of crap in your start-up keys. You don't need half that stuff, and it all slows down your PC.

thank you very much once again

tlr online
30-06-08, 22:20
Yes. Downgrade it.

Drone
30-06-08, 22:25
Great, I fixed it as you told me. Also deleted useless crap. Cheers :)

tlr online
30-06-08, 22:26
:wve:

EscondeR
01-07-08, 05:30
Please run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report, to check :)

Drone
01-07-08, 07:12
Thank you Alex :) Unfortunately I still have random dll files in my start-up and win/system32

here is the report:


Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"ATI Smart"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ATI Smart
Program path & name:
c:\windows\system32\ati2sgag.exe"
Enabled: [V]


Program:
"Event propagation and logging service"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ccEvtMgr
Program path & name:
"c:\program files\common files\symantec shared\ccsvchst.exe"
Enabled: [V]


Program:
"Settings storage and management service"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ccSetMgr
Program path & name:
"c:\program files\common files\symantec shared\ccsvchst.exe"
Enabled: [V]


Program:
"Symantec Lic NetConnect Service"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
CLTNetCnService
Program path & name:
"c:\program files\common files\symantec shared\ccsvchst.exe"
Enabled: [V]


Program:
"Manages Norton product notices."
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LiveUpdate Notice Ex
Program path & name:
"c:\program files\common files\symantec shared\ccsvchst.exe"
Enabled: [V]


Program:
"Manages Norton product notices"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LiveUpdate Notice Service
Program path & name:
"c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe"
Enabled: [V]


Program:
"Nero BackItUp Scheduler 3 is responsible to control all jobs created using Nero BackItUp 3. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk
Publisher:
network drive disc or FTP."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Nero BackItUp Scheduler 3
Program path & name:
"(Verified) Nero AG""c:\program files\nero 8\nero backitup\nbservice.exe"
Enabled: [V]


Program:
"Symantec Eraser Control Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
eeCtrl
Program path & name:
"c:\program files\common files\symantec shared\eengine\eectrl.sys"
Enabled: [V]


Program:
"Symantec Eraser Utility Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
EraserUtilRebootDrv
Program path & name:
"c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
Enabled: [V]


Program:
"CD/DVD Class Filter Driver"
Publisher:
"(Verified) GEAR Software Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
GEARAspiWDM
Program path & name:
"c:\windows\system32\drivers\gearaspiwdm.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
giveio
Program path & name:
c:\windows\system32\giveio.sys"
Enabled: [V]


Program:
"AV Engine"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NAVENG
Program path & name:
"c:\program files\common files\symantec shared\virusdefs\20080630.003\naveng.sys"
Enabled: [V]


Program:
"AV Engine"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NAVEX15
Program path & name:
"c:\program files\common files\symantec shared\virusdefs\20080630.003\navex15.sys"
Enabled: [V]


Program:
"Padus(R) ASPI Shell"
Publisher:
"(Not verified) Padus Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
pfc
Program path & name:
"c:\windows\system32\drivers\pfc.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
"SPBBC Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SPBBCDrv
Program path & name:
"c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys"
Enabled: [V]


Program:
"SpeedFan Device Driver"
Publisher:
"(Not verified) Windows (R) 2000 DDK provider"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
speedfan
Program path & name:
"c:\windows\system32\speedfan.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sptd
Program path & name:
c:\windows\system32\drivers\sptd.sys"
Enabled: [V]


Program:
"Symantec AutoProtect"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SRTSPL
Program path & name:
"c:\windows\system32\drivers\srtspl.sys"
Enabled: [V]


Program:
"Symantec AutoProtect"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SRTSPX
Program path & name:
"c:\windows\system32\drivers\srtspx.sys"
Enabled: [V]


Program:
"DNS Filter Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMDNS
Program path & name:
"c:\windows\system32\drivers\symdns.sys"
Enabled: [V]


Program:
"Symantec Event Library"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SymEvent
Program path & name:
"c:\windows\system32\drivers\symevent.sys"
Enabled: [V]


Program:
"Firewall Filter Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMFW
Program path & name:
"c:\windows\system32\drivers\symfw.sys"
Enabled: [V]


Program:
"IDS Filter Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMIDS
Program path & name:
"c:\windows\system32\drivers\symids.sys"
Enabled: [V]


Program:
"IDS Core Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMIDSCO
Program path & name:
"c:\program files\common files\symantec shared\symcdata\idsdefs\20080623.001\symidsco.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SymIM
Program path & name:
File not found: system32\DRIVERS\SymIM.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SymIMMP
Program path & name:
File not found: system32\DRIVERS\SymIM.sys"
Enabled: [V]


Program:
"NDIS Filter Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMNDIS
Program path & name:
"c:\windows\system32\drivers\symndis.sys"
Enabled: [V]


Program:
"Redirector Filter Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMREDRV
Program path & name:
"c:\windows\system32\drivers\symredrv.sys"
Enabled: [V]


Program:
"Network Dispatch Driver"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SYMTDI
Program path & name:
"c:\windows\system32\drivers\symtdi.sys"
Enabled: [V]


Program:
"Microsoft® Document Imaging"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Entry name:
Microsoft Document Imaging Writer Monitor
Program path & name:
"c:\windows\system32\mdimon.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
Entry name:
C:\WINDOWS\system32\byXPhIxy
Program path & name:
c:\windows\system32\byxphixy.dll"
Enabled: [V]


Program:
"Internet Shortcut Shell Extension DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
url
Program path & name:
"c:\windows\system32\url.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
urlmon
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"Internet Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
wininet
Program path & name:
"c:\windows\system32\wininet.dll"
Enabled: [V]


Program:
"LiveUpdate Notice Service"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Symantec PIF AlertEng
Program path & name:
"c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe"
Enabled: [V]


Program:
"Catalyst® Control Center Launcher"
Publisher:
"(Not verified) Advanced Micro Devices Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
StartCCC
Program path & name:
"c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
Enabled: [V]


Program:
"Symantec User Session"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ccApp
Program path & name:
"c:\program files\common files\symantec shared\ccapp.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
BM4f721d3e
Program path & name:
c:\windows\system32\kvrqbquo.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/octet-stream
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/x-complus
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/x-msdownload
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
Class Install Handler
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
deflate
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
gzip
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
lzdhtml
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
about
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
cdl
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
file
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ftp
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
gopher
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
http
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
https
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
javascript
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
local
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
mailto
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
"OLE32 Extensions for Win32"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
mk
Program path & name:
"c:\windows\system32\urlmon.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
res
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
sysimage
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
"Microsoft (R) HTML Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
vbscript
Program path & name:
"c:\windows\system32\mshtml.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
"IE Per User Active Setup Uninstall Utility"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
IE7 Uninstall Stub
Program path & name:
"c:\windows\system32\ieudinit.exe"
Enabled: [V]


Program:
"IEAK branding"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Browser Customizations
Program path & name:
"c:\windows\system32\iedkcs32.dll"
Enabled: [V]


Program:
"ADVPACK"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
NetMeeting 3.01
Program path & name:
"c:\windows\system32\advpack.dll"
Enabled: [V]


Program:
"ADVPACK"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Windows Messenger 4.7
Program path & name:
"c:\windows\system32\advpack.dll"
Enabled: [V]


Program:
"ADVPACK"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Microsoft Windows Media Player
Program path & name:
"c:\windows\system32\advpack.dll"
Enabled: [V]


Program:
"IE Per-User Initialization Utility"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
Internet Explorer
Program path & name:
"c:\windows\system32\ie4uinit.exe"
Enabled: [V]


Program:
"Microsoft .NET IE SECURITY REGISTRATION"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
n/a
Program path & name:
"c:\windows\system32\mscories.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name:
WebCheck
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Adobe PDF Helper for Internet Explorer"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
Enabled: [V]


Program:
"NcoBHO"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}
Program path & name:
"c:\program files\common files\symantec shared\coshared\browser\1.5\nppbho.dll"
Enabled: [V]


Program:
"Flashget CatchUrl Module"
Publisher:
"(Not verified) www.flashget.com"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
FGCatchUrl
Program path & name:
"c:\program files\flashget\jccatch.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_05\bin\ssv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{CA170DAF-3300-4BC0-B738-A6E20B7C78B4}
Program path & name:
c:\windows\system32\byxphixy.dll"
Enabled: [V]


Program:
"Flashget GetFlash Module"
Publisher:
"(Not verified) www.flashget.com"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
FlashGet GetFlash Class
Program path & name:
"c:\program files\flashget\getflash.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Search Band
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell DocObject Viewer
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
InternetShortcut
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Microsoft Url History Service
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
History
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Temporary Internet Files
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Temporary Internet Files
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Microsoft Url Search Hook
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
The Internet
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Internet Name Space
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Object Control Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ActiveX Cache Folder
Program path & name:
"c:\windows\system32\occache.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WebCheck
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Subscription Mgr
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Subscription Folder
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WebCheckWebCrawler
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WebCheckChannelAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
TrayAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Code Download Agent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ConnectionAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
PostAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WebCheck SyncMgr Handler
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Extensions Manager"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Extensions Manager Folder
Program path & name:
"c:\windows\system32\extmgr.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Microsoft BrowserBand
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Fade Task
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Menu Desk Bar
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE AutoComplete
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Navigation Bar
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Menu Site
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Menu Band
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Microsoft History AutoComplete List
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Tracking Shell Menu
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE IShellFolderBand
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE BandProxy
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE MRU AutoComplete List
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE RSS Feeder Folder
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Microsoft Shell Folder AutoComplete List
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Microsoft Multiple AutoComplete List Container
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Microsoft Browser Architecture
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Shell Rebar BandSite
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Shell Band Site Menu
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
&Links
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Registry Tree Options Utility
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE User Assist
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
IE Custom MRU AutoCompleted List
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"PowerISOShell DLL"
Publisher:
"(Not verified) PowerISO Computing Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
PowerISO
Program path & name:
"c:\program files\poweriso\pwrisosh.dll"
Enabled: [V]


Program:
"Application Deployment Support Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ShellLink for Application References
Program path & name:
"c:\windows\system32\dfshim.dll"
Enabled: [V]


Program:
"Application Deployment Support Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Icon Handler for Application References
Program path & name:
"c:\windows\system32\dfshim.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
NeroDigitalIconHandler
Program path & name:
"c:\program files\common files\nero\lib\nerodigitalext.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
NeroDigitalPropSheetHandler
Program path & name:
"c:\program files\common files\nero\lib\nerodigitalext.dll"
Enabled: [V]


Program:
"ACE Context Menu"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Catalyst Context Menu extension
Program path & name:
c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
NeroDigitalColumnHandler Class
Program path & name:
"c:\program files\common files\nero\lib\nerodigitalext.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]


Program:
"Internet Explorer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
Entry name:
ieframe.dll
Program path & name:
"c:\windows\system32\ieframe.dll"
Enabled: [V]


Program:
"UIBhoImpl"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
NCO Toolbar
Program path & name:
"c:\program files\common files\symantec shared\coshared\browser\1.5\uibho.dll"
Enabled: [V]


Program:
"FlashGet"
Publisher:
"(Not verified) FlashGet.com"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
FlashGet
Program path & name:
"c:\program files\flashget\flashget.exe"
Enabled: [V]

EscondeR
01-07-08, 07:30
Download Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx), boot in Safe mode, run Autoruns and kill those:


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SymIM
Program path & name:
File not found: system32\DRIVERS\SymIM.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SymIMMP
Program path & name:
File not found: system32\DRIVERS\SymIM.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
Entry name:
C:\WINDOWS\system32\byXPhIxy
Program path & name:
c:\windows\system32\byxphixy.dll"
Enabled: [V] - Virus!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
BM4f721d3e
Program path & name:
c:\windows\system32\kvrqbquo.dll"
Enabled: [V] - Virus!


Program:
"NcoBHO"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}
Program path & name:
"c:\program files\common files\symantec shared\coshared\browser\1.5\nppbho.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{CA170DAF-3300-4BC0-B738-A6E20B7C78B4}
Program path & name:
c:\windows\system32\byxphixy.dll"
Enabled: [V] - MALWARE!


Get rid of Symantec crap completely - it's obvious it protects you NOT. Use Zone Alarm (http://www.zonealarm.com/store/content/catalog/products/trial_zaFamily/trial_zaFamily.jsp) and Kaspersky Antivirus (http://www.kaspersky.com) or AVG.
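
The triage applied to the report in the post above, as an added Python example that is not part of the original thread or of the ARDiag tool: it parses the report layout and flags entries with no publisher whose DLL sits directly in system32, plus entries whose file is missing. Both rules and all function names are assumptions inferred from the entries marked in the post; the sample is constructed from values quoted in the thread.

```python
import re

LABELS = ("Program:", "Publisher:", "Entry path:", "Entry name:", "Program path & name:")

# Constructed sample: values copied from entries quoted in this thread, in
# LABELS order (registry paths written without the forum's stray spaces).
ROWS = [
    ("N/A", "N/A", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "BM4f721d3e", r'c:\windows\system32\kvrqbquo.dll"'),
    ("N/A", "N/A", r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages",
     r"C:\WINDOWS\system32\byXPhIxy", r'c:\windows\system32\byxphixy.dll"'),
    ("N/A", "N/A", r"HKLM\System\CurrentControlSet\Services",
     "SymIM", r'File not found: system32\DRIVERS\SymIM.sys"'),
    ('"Internet Explorer"', '"(Not verified) Microsoft Corporation"',
     r"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks",
     "ieframe.dll", r'"c:\windows\system32\ieframe.dll"'),
    ('"ACE Context Menu"', "N/A",
     r"HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved",
     "Catalyst Context Menu extension",
     r'c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"'),
]
SAMPLE = "\n".join("\n".join(x for pair in zip(LABELS, row) for x in pair)
                   + "\nEnabled: [V]\n" for row in ROWS)

def parse_report(text):
    """Split the report into dicts; each 'Enabled:' line closes one entry."""
    entries, cur, pending = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if pending:                       # value line following a label line
            cur[pending] = line.strip('"')
            pending = None
        elif line in LABELS:
            pending = line
        elif line.startswith("Enabled:") and cur:
            entries.append(cur)
            cur = {}
    return entries

def triage(entry):
    """Return a reason for entries worth a manual look, else None (assumed rules)."""
    path = entry.get("Program path & name:", "").lower()
    if path.startswith("file not found"):
        return "orphaned: registry entry points at a missing file"
    if entry.get("Publisher:") == "N/A" and re.search(r"\\system32\\[^\\]+\.dll$", path):
        return "no publisher info and DLL sits directly in system32"
    return None

def flagged(text):
    return [(e["Entry name:"], why) for e in parse_report(text) if (why := triage(e))]
```

`flagged(SAMPLE)` returns the Run entry, the LSA authentication package and the orphaned SymIM service; the ATI entry also has no publisher but lives under Program Files, so it is left alone.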

Drone
01-07-08, 08:03
Thank you very much, I killed them and deleted them from system32. But byxphixy.dll crap can't be deleted even in safe mode with administrator login!!! System just refuses to delete it :(

Yup, I will get rid of useless Symantec and install AVG

EscondeR
01-07-08, 08:12
But byxphixy.dll crap can't be deleted even in safe mode with administrator login!!! System just refuses to delete it :(


Either boot in Safe mode and use Unlocker (http://ccollomb.free.fr/unlocker/) to remove, or boot from CD and kill the file itself, then reboot normally and remove the reference :)

Drone
01-07-08, 08:38
yay to unlocker :D thanks it's gone

EscondeR
01-07-08, 09:05
:tmb: