
Rsdlupdater.exe Trojan


  • This topic is locked
2 replies to this topic

#1 Built2Play


Posted 17 November 2007 - 12:31 AM

Runscanner logfile http://www.runscanner.net

* = authenticode signed file
- = file not found

000 General info
----------------
Computer name : RONRON
Creation time : 11/16/2007 11:49:12 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6000.16546
OS : Windows Vista ™ Ultimate
OS Build : 6000
OS SP :
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : English (United States)
User rights : Administrator
Windows folder : C:\Windows

001 Running processes
---------------------
* c:\users\user\appdata\roaming\u3\06d08b6160d3491f\1f30627f-0195-44d4-8c24-1999f3c02c50\exec\avastu3.exe (ALWIL Software)
* c:\users\user\appdata\roaming\u3\06d08b6160d3491f\1f30627f-0195-44d4-8c24-1999f3c02c50\exec\scanu3.exe (ALWIL Software)
* c:\program files\common files\logishrd\lqcvfx\cocimanager.exe (Logitech Inc.)
* c:\program files\common files\logishrd\lcommgr\communications_helper.exe
* c:\program files\intel\amt\atchk.exe (Intel Corporation)
* c:\program files\digitalpersona\bin\dpagnt.exe (DigitalPersona, Inc.)
* c:\windows\rthdvcpl.exe (Realtek Semiconductor)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
* c:\windows\system32\igfxsrvc.exe (Intel Corporation)
* c:\windows\system32\igfxtray.exe (Intel Corporation)
c:\program files\common files\installshield\updateservice\issch.exe (InstallShield Software Corporation)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
c:\users\user\appdata\roaming\u3\06d08b6160d3491f\launchpad.exe
* c:\program files\common files\logishrd\lvcomser\lvcomser.exe (Logitech Inc.)
* c:\program files\pointstone\memoptimizer 3\memoptimizer.exe (Pointstone Software, LLC)
* c:\program files\common files\ahead\lib\nmindexstoresvr.exe (Nero AG)
* c:\program files\common files\ahead\lib\nmbgmonitor.exe (Nero AG)
* c:\program files\common files\ahead\lib\nmbgmonitor.exe (Nero AG)
* c:\program files\trend micro\internet security 2007\pccguide.exe (Trend Micro Inc.)
* c:\progra~1\trendm~1\intern~1\pccmain.exe (Trend Micro Inc.)
* c:\progra~1\trendm~1\intern~1\pccvscan.exe (Trend Micro Inc.)
* c:\windows\system32\igfxpers.exe (Intel Corporation)
* c:\program files\logitech\quickcam\quickcam.exe
c:\programdata\microsoft\windows\start menu\programs\startup\rsdlupdater.exe
* h:\documents\downloads\runscanner.exe (Runscanner.net)
* c:\program files\system mechanic 7\smsystemanalyzer.exe
* c:\program files\intel\idu\iptray.exe (OSA Technologies Inc., An Avocent Company)
* c:\users\user\appdata\local\trend micro\hcms\flock\en-us\flmain.exe (Trend Micro Inc.)
c:\program files\turtle beach\audioadvantagemicro\tbaa.exe (Voyetra Turtle Beach, Inc.)
c:\program files\winamp\winampa.exe

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\intel\amt\atchk.exe (Intel Corporation)
* c:\program files\digitalpersona\bin\dpagnt.exe (DigitalPersona, Inc.)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
* c:\windows\system32\igfxtray.exe (Intel Corporation)
* c:\program files\iolo\common\lib\iololmanager.exe
* c:\program files\intel\idu\iptray.exe (OSA Technologies Inc., An Avocent Company)
c:\program files\common files\installshield\updateservice\issch.exe (InstallShield Software Corporation)
* c:\program files\itunes\ituneshelper.exe (Apple Inc.)
* c:\program files\cyberlink\powerdvd\language\language.exe
* c:\program files\common files\logishrd\lcommgr\communications_helper.exe
* c:\program files\logitech\quickcam\quickcam.exe
* c:\program files\common files\ahead\lib\nerocheck.exe (Nero AG)
* c:\program files\trend micro\internet security 2007\pccguide.exe (Trend Micro Inc.)
* c:\windows\system32\igfxpers.exe (Intel Corporation)
* C:\Windows\rthdvcpl.exe (Realtek Semiconductor)
c:\program files\turtle beach\audioadvantagemicro\tbaa.exe (Voyetra Turtle Beach, Inc.)
c:\program files\winamp\winampa.exe

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\common files\ahead\lib\nmbgmonitor.exe (Nero AG)
c:\progra~1\common~1\instal~1\update~1\isuspm.exe (InstallShield Software Corporation)
* c:\users\user\appdata\local\trend micro\hcms\flock\en-us\flmain.exe (Trend Micro Inc.)

005 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
----------------------------------------------------------------
c:\progra~1\common~1\adobe\calibr~1\adobeg~1.exe (Adobe Systems, Inc.)
c:\programdata\microsoft\windows\start menu\programs\startup\rsdlupdater.exe

006 %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\common~1\adobe\calibr~1\adobeg~1.exe (Adobe Systems, Inc.)
c:\programdata\microsoft\windows\start menu\programs\startup\rsdlupdater.exe

008 Default user \Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
--------------------------------------------------------------------------
* c:\program files\common files\ahead\lib\nmbgmonitor.exe (Nero AG)

009 System user\Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
------------------------------------------------------------------------
* c:\program files\common files\ahead\lib\nmbgmonitor.exe (Nero AG)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Ad-Aware 2007 Service)
* c:\program files\intel\idu\awserv.exe (Admin Works Agent X8)
c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe (Apple Mobile Device)
* c:\program files\digitalpersona\bin\dphost.exe (Biometric Authentication Service)
* c:\program files\cyberlink\shared files\richvideo.exe (Cyberlink RichVideo Service(CRVS))
* c:\program files\intel\amt\lms.exe (Intel® Active Management Technology Local Management Service)
* c:\program files\intel\amt\atchksrv.exe (Intel® Active Management Technology System Status Service)
* c:\program files\intel\amt\uns.exe (Intel® Active Management Technology User Notification Service)
* c:\program files\iolo\common\lib\iolodmvsvc.exe (iolo DMV Service)
* c:\program files\ipod\bin\ipodservice.exe (iPod Service)
* c:\program files\common files\logishrd\lvcomser\lvcomser.exe (LVCOMSer)
* c:\program files\common files\logishrd\srvlnch\srvlnch.exe (LVSrvLauncher)
* c:\program files\nero\nero 7\nero backitup\nbservice.exe (NBService)
* c:\program files\common files\ahead\lib\nmindexingservice.exe (NMIndexingService)
* c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe (Process Monitor)
* C:\Program Files\winpcap\rpcapd.exe (Remote Packet Capture Protocol v.0 (experimental))
* c:\program files\sisoftware sandra lite\win32\rpcdatasrv.exe (SiSoftware Database Agent Service)
* c:\program files\sisoftware sandra lite\rpcsandrasrv.exe (SiSoftware Sandra Agent Service)
* c:\progra~1\trendm~1\intern~1\pcctlcom.exe (Trend Micro Central Control Component)
* c:\progra~1\trendm~1\intern~1\tmpfw.exe (Trend Micro Personal Firewall)
* c:\progra~1\trendm~1\intern~1\pcscnsrv.exe (Trend Micro Protection Against Spyware)
* c:\progra~1\trendm~1\intern~1\tmproxy.exe (Trend Micro Proxy Service)
* c:\progra~1\trendm~1\intern~1\tmntsrv.exe (Trend Micro Real-time Service)
c:\program files\viewpoint\common\viewpointservice.exe (Viewpoint Manager Service)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* c:\program files\cyberlink\powerdvd\000.fcl ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
* C:\Windows\system32\drivers\usbvm305.sys (A4 TECH PC Camera V)
C:\Windows\system32\drivers\usbaapl.sys (Apple Mobile USB Driver)
* C:\Windows\system32\drivers\aticxcap.sys (ATI TV Wonder Pro A/V Capture)
* C:\Windows\system32\drivers\aticxxbr.sys (ATI TV Wonder Pro A/V Crossbar)
* C:\Windows\system32\drivers\aticxtun.sys (ATI TV Wonder Pro Tuner (Philips 1236 MK3))
c:\windows\system32\drivers\bantext.sys (Belarc SMBios Access)
- c:\windows\system32\drivers\blbdrive.sys (blbdrive.sys)
* c:\windows\system32\drivers\brserid.sys (Brother MFC Serial Port Interface Driver (WDM))
* c:\windows\system32\drivers\brusbmdm.sys (Brother MFC USB Fax Only Modem)
* c:\windows\system32\drivers\brusbser.sys (Brother MFC USB Serial WDM Driver)
* c:\windows\system32\drivers\brfiltlo.sys (Brother USB Mass-Storage Lower Filter Driver)
* c:\windows\system32\drivers\brfiltup.sys (Brother USB Mass-Storage Upper Filter Driver)
* c:\windows\system32\drivers\brserwdm.sys (Brother WDM Serial driver)
C:\Windows\system32\drivers\bwcdrv.sys (BUFFALO Wireless Configuration)
C:\Windows\system32\drivers\cm102.sys (C-Media CM102 Like Sound UDAX Interface)
c:\progra~1\dscaler\dsdrv4.sys (DSDrv4)
c:\windows\system32\drivers\elrawdsk.sys (ElRawDisk)
* C:\Windows\system32\drivers\usbdpfp.sys (Fingerprint Reader Class Driver)
* C:\Windows\system32\drivers\dpk0bx01.sys (Fingerprint Reader Filter Driver)
c:\windows\system32\drivers\invoker.sys (Flash5 Invoker Service)
c:\windows\system32\drivers\flexbios.sys (FlexBIOS Service)
* C:\Windows\system32\drivers\gearaspiwdm.sys (GEARAspiWDM)
C:\Windows\system32\giveio.sys (giveio)
C:\Windows\system32\drivers\smbios.sys (Intel ® System Management BIOS Service)
* c:\windows\system32\drivers\iastorv.sys (Intel RAID Controller Vista)
* C:\Windows\system32\drivers\heci.sys (Intel® Management Engine Interface)
* C:\Windows\system32\drivers\e1g60i32.sys (Intel® PRO/1000 NDIS 6 Adapter Driver)
* C:\Windows\system32\drivers\e1e6032.sys (Intel® PRO/1000 PCI Express Network Connection Driver)
* C:\Windows\system32\drivers\intelsmb.sys (Intel® SMBus 2.0 Driver)
- c:\windows\system32\drivers\ipinip.sys (IP in IP Tunnel Driver)
- c:\windows\system32\drivers\nwlnkflt.sys (IPX Traffic Filter Driver)
- c:\windows\system32\drivers\nwlnkfwd.sys (IPX Traffic Forwarder Driver)
* c:\windows\system32\drivers\iteatapi.sys (ITEATAPI_Service_Install)
* c:\windows\system32\drivers\iteraid.sys (ITERAID_Service_Install)
* C:\Windows\system32\drivers\lvckap.sys (Logitech AEC Driver)
* C:\Windows\system32\drivers\lvpr2mon.sys (Logitech LVPr2Mon Driver)
* C:\Windows\system32\drivers\lvmvdrv.sys (Logitech Machine Vision Engine Loader)
* C:\Windows\system32\drivers\lvcm.sys (Logitech QuickCam Communicate)
* C:\Windows\system32\drivers\lvusbsta.sys (Logitech USB Monitor Filter)
* C:\Windows\system32\drivers\motccgpfl.sys (MotCcgpFlService)
* C:\Windows\system32\drivers\motodrv.sys (Motorola Inc. USB Device)
* C:\Windows\system32\drivers\motmodem.sys (Motorola USB CDC ACM Driver)
* C:\Windows\system32\drivers\motccgp.sys (Motorola USB Composite Device Driver)
* c:\windows\system32\drivers\iqvw32.sys (Nal Service)
* C:\Windows\system32\drivers\npf.sys (NetGroup Packet Filter Driver)
* c:\windows\system32\drivers\ntrigdigi.sys (N-trig HID Tablet Driver)
* c:\windows\system32\drivers\osaio.sys (osaio)
* c:\windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Miniport Driver)
* c:\windows\system32\drivers\ql40xx.sys (QLogic iSCSI Miniport Driver)
* C:\Windows\system32\drivers\netr61.sys (Ralink RT61 Wireless Driver for Windows Vista)
* c:\program files\sisoftware sandra lite\sandra.sys (SANDRA)
* c:\windows\system32\drivers\arcsas.sys (SCSI miniport)
* c:\windows\system32\drivers\sisraid4.sys (SCSI Miniport)
* c:\windows\system32\drivers\sisraid2.sys (SCSI Miniport)
* c:\windows\system32\drivers\symc8xx.sys (SCSI Miniport)
* c:\windows\system32\drivers\uliahci.sys (SCSI Miniport)
* c:\windows\system32\drivers\vsmraid.sys (SCSI Miniport)
* c:\windows\system32\drivers\sym_hi.sys (SCSI Miniport)
* c:\windows\system32\drivers\sym_u3.sys (SCSI Miniport)
* c:\windows\system32\drivers\ulsata2.sys (SCSI Miniport)
* c:\windows\system32\drivers\ulsata.sys (SCSI Miniport)
* c:\windows\system32\drivers\arc.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_sas.sys (SCSI Miniport)
* c:\windows\system32\drivers\elxstor.sys (SCSI Miniport)
* c:\windows\system32\drivers\hpcisss.sys (SCSI Miniport)
* c:\windows\system32\drivers\iirsp.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_fc.sys (SCSI Miniport)
* c:\windows\system32\drivers\djsvs.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_scsi.sys (SCSI Miniport)
* c:\windows\system32\drivers\megasas.sys (SCSI Miniport)
* c:\windows\system32\drivers\mraid35x.sys (SCSI Miniport)
* c:\windows\system32\drivers\nfrd960.sys (SCSI Miniport)
* c:\windows\system32\drivers\nvstor.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpahci.sys (SCSI Miniport)
* c:\windows\system32\drivers\adp94xx.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpu320.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpu160m.sys (SCSI Miniport)
* C:\Windows\system32\drivers\rtkvhda.sys (Service for Realtek HD Audio (WDM))
C:\Windows\system32\speedfan.sys (speedfan)
* c:\windows\system32\drivers\cmdide.sys (System Bus Extender)
* c:\windows\system32\drivers\aliide.sys (System Bus Extender)
* c:\windows\system32\drivers\viaide.sys (System Bus Extender)
* c:\windows\system32\drivers\nvraid.sys (System Bus Extender)
* C:\Windows\system32\drivers\tmcomm.sys (tmcomm)
* C:\Windows\system32\drivers\tmpreflt.sys (tmpreflt)
* C:\Windows\system32\drivers\tmxpflt.sys (tmxpflt)
* C:\Windows\system32\drivers\tm_cfw.sys (Trend Micro Common Firewall Service)
* C:\Windows\system32\drivers\tm_mbd_c.sys (Trend Micro MBD Driver)
* C:\Windows\system32\drivers\tmtdi.sys (Trend Micro TDI Driver)
* C:\Windows\system32\drivers\igdkmd32.sys (Video)
* C:\Windows\system32\drivers\vsapint.sys (vsapint)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\program files\belarc\advisor\system\bavoilax.dll (Belarc, Inc.) {6318E0AB-2E93-11D1-B8ED-00608CC9A71F}
* c:\progra~1\common~1\skype\skype4~1.dll (Skype Technologies) {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}
GUID / CLSID not found {2670000A-7350-4f3c-8081-5663EE0C6C49}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\program files\java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\progra~1\zipgen~1\zgtips.dll (M.Dev Software) {2E5AC2E0-406D-11D4-86B3-FA5861508E25}
* c:\program files\itunes\itunesminiplayer.dll (Apple Inc.) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
* c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll (Nero AG) {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {B327765E-D724-4347-8B16-78AE18552FC3}
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {7F1CF152-04F8-453A-B34C-E609530A9DC8}
c:\program files\quickpar\quickparshlext.dll (Peter B Clements) {D120D80B-BD26-4A74-8E43-2C2AF0966139}
c:\users\user\appdata\local\trend micro\hcms\flock\en-us\filelock.dll (Trend Micro Inc.) {9D4D7B42-F272-4D50-A349-D75B023310BF}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\progra~1\zipgen~1\zgdrag~1.dll (M.Dev Software) {FE8D01BF-610A-4261-9C6E-32D65A42C907}
c:\progra~1\zipgen~1\dropha~1.dll (M.Dev Software) {310A0C95-EA11-42AE-A8E4-53E69E650310}
c:\progra~1\zipgen~1\contmenu.dll (M.Dev Software) {C169E5F0-E2B3-41F3-B81A-7BA529CBE193}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {7D4D6379-F301-4311-BEBA-E26EB0561882}
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
C:\Windows\system32\lsdelete.exe

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
* c:\windows\system32\dpwlevhd.dll (DigitalPersona, Inc.)
* C:\Windows\system32\igfxdev.dll (Intel Corporation)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
* C:\Windows\system32\hpzlllhn.dll (Hewlett-Packard Company)

071 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
-------------------------------------------------------------------
* C:\Windows\dppwdflt.dll (DigitalPersona, Inc.)

100 Internet Explorer settings
------------------------------
Default_Page_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
Search Page HKCU : http://go.microsoft.com/fwlink/?LinkId=54896
Search Page HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
Start Page HKCU : http://www.google.com/ig?hl=en
Start Page HKLM : http://go.microsoft.com/fwlink/?LinkId=69157

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\windows\system32\ogacheckcontrol.dll {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
- c:\windows\downloaded program files\pcpitstop.dll {0E5F0222-96B9-11D3-8997-00104BD12D94}
- c:\windows\downlo~1\tmhcmsx.ocx {1EF9F042-C2EB-4293-8213-474CAEEF531D}
* c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
* c:\program files\java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
* c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
* c:\windows\system32\macromed\flash\flash9d.ocx (Adobe Systems, Inc.) {D27CDB6E-AE6D-11CF-96B8-444553540000}
- c:\windows\downloaded program files\driveragent.ocx {E8F628B5-259A-4734-97EE-BA914D7BE941}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
ConsentPromptBehaviorAdmin : 2
ConsentPromptBehaviorUser : 1
dontdisplaylastusername : 0
EnableInstallerDetection : 0
EnableLUA : 1
EnableSecureUIAPaths : 1
EnableVirtualization : 1
FilterAdministratorToken : 0
PromptOnSecureDesktop : 1
scforceoption : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1
ValidateAdminCodeSignatures : 0

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
G : G:\LaunchU3.exe -a

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
* c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll (Nero AG) {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
c:\program files\yenc32\yenc32shell.dll {8CDA2F05-B2BA-4AC7-B731-51E9E6B006E1}
c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\progra~1\zipgen~1\contmenu.dll (M.Dev Software) {C169E5F0-E2B3-41F3-B81A-7BA529CBE193}
c:\program files\quickpar\quickparshlext.dll (Peter B Clements) {D120D80B-BD26-4A74-8E43-2C2AF0966139}
* c:\program files\nero\nero 7\nero backitup\nbshell.dll (Nero AG)

180 FileType Hijacking
----------------------
HKEY_CLASSES_ROOT htafile : NOTEPAD.EXE %1
HKEY_CLASSES_ROOT scrfile : NOTEPAD.EXE %1



#2 rookie147


Posted 30 November 2007 - 04:17 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 rookie147


Posted 07 December 2007 - 03:06 PM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.





