Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: 1 [2] 3 4  All   Go Down

Author Topic: Can't right click.  (Read 25450 times)

0 Members and 1 Guest are viewing this topic.

cjb445

  • Guest
Re: Can't right click.
« Reply #15 on: October 02, 2007, 12:58:43 PM »
New log after safe mode clean-up part1 . Yes, I have checked mouse settings. Still have double ICONS.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:58:23 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\sj652\hpupdate.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Desktop\HiJackThis_v2.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
Logged

cjb445

  • Guest
Re: Can't right click.
« Reply #16 on: October 02, 2007, 01:00:17 PM »
Hijack part2
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\blank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\blank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\earso.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\earso.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\earso.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = res://peark.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MONPluginSrIvcs] n3monap23.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW. Prefix: http://ehttp.cc/?
O15 - Trusted IP range: http://69.31.*.*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5B8DED15-6FC1-4044-A923-F8CE2EAB40B7} (SpecoRemote Control) - http://63.94.247.90:9101/SpecoRemote.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131682824781
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O19 - User stylesheet: C:\Program Files\Internet Explorer\readme.txt
O20 - AppInit_DLLs: avpcc.dll
O21 - SSODL: NTDBGTOOL - {88E7E3B0-EE9E-4674-AE78-66779C632B31} - C:\WINDOWS\system32\mfcatk32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Network Security Service (NSS) (?%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\sysjo32.exe (file missing)

--
End of file - 11045 bytes
Logged

JPH



    Intermediate

    • Experience: Experienced
    • OS: Windows 7
    Re: Can't right click.
    « Reply #17 on: October 05, 2007, 10:58:50 PM »
    cjb445,

    I didn't think you were coming back, at any rate wb. Let's get rid of those infections before we focus on your original problem since they are the culprits behind it.

    First open the control panel, go to add/remove programs and remove MyWebSearch and Weatherbug if present. Next run HJT again and put a check next to the following entries and click the "Fix checked" button.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\earso.dll/sp.html#37049

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\earso.dll/sp.html#37049

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\earso.dll/sp.html#37049

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = res://peark.dll/index.html#37049

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;localhost;<local>

    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL

    O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL

    O4 - HKLM\..\Run: [Shell] open32.exe

    O4 - HKCU\..\Run: [MONPluginSrIvcs] n3monap23.exe

    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O13 - WWW. Prefix: http://ehttp.cc/?

    O15 - Trusted IP range: http://69.31.*.*

    O20 - AppInit_DLLs: avpcc.dll

    O21 - SSODL: NTDBGTOOL - {88E7E3B0-EE9E-4674-AE78-66779C632B31} - C:\WINDOWS\system32\mfcatk32.dll

    O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)

    O23 - Service: Network Security Service (NSS)  - Unknown owner - C:\WINDOWS\system32\sysjo32.exe (file missing)

    Next, reboot your computer.

    Delete the following folders if still present:

    C:\Program Files\MyWebSearchWB
    C:\Program Files\AWS

    Delete the following files if still present:

    C:\WINDOWS\system32\earso.dll
    C:\WINDOWS\system32\peark.dll
    C:\WINDOWS\system32\open32.exe
    C:\WINDOWS\system32\n3monap23.exe
    C:\WINDOWS\system32\avpcc.dll
    C:\WINDOWS\system32\mfcatk32.dll

    Next, please run HJT again and post a fresh logfile so that we can make sure you're clean.

    Good luck,
    JPH
    Logged

    cjb445

    • Guest
    Re: Can't right click.
    « Reply #18 on: October 07, 2007, 05:26:20 PM »
    Thanks for the help, but same problem and in the mean time I picked-up aloversaftey.com and can't get rid of it. Downloaded Spybot. but still no good. Deleted all files you suggested but C:\WINDOWS\system32\avpcc.dll could not be deleted. qwertysearch123 & online video add-on(alloversafety.com) won't go away? Help. new log. part 1
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:26:37 PM, on 10/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\sj652\hpupdate.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Online Video Add-on\icmntr.exe
    C:\Program Files\Online Video Add-on\isfmm.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Desktop\HiJackThis_v2.exe
    C:\Program Files\Online Video Add-on\isfmntr.exe
    C:\Program Files\Online Video Add-on\icthis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    Logged

    cjb445

    • Guest
    Re: Can't right click.
    « Reply #19 on: October 07, 2007, 05:27:22 PM »
    New log part 2

    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://qwertysearch123.biz/?id=1017
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\blank.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\blank.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qwertysearch123.biz/?id=1017
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://qwertysearch123.biz/?id=1017
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qwertysearch123.biz/?id=1017
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll
    O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6554] command /c del "C:\Documents and Settings\CHARLENE\Local Settings\Temp\laf1.exe_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5455] cmd /c del "C:\Documents and Settings\CHARLENE\Local Settings\Temp\laf1.exe_old"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Video Add-on\isfmntr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Video Add-on\icthis.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5B8DED15-6FC1-4044-A923-F8CE2EAB40B7} (SpecoRemote Control) - http://63.94.247.90:9101/SpecoRemote.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131682824781
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
    O19 - User stylesheet:  (file missing)
    O20 - AppInit_DLLs: avpcc.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
    O23 - Service: Network Security Service (NSS) (?%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\sysjo32.exe (file missing)

    --
    End of file - 10857 bytes
    Logged

    JPH



      Intermediate

      • Experience: Experienced
      • OS: Windows 7
      Re: Can't right click.
      « Reply #20 on: October 07, 2007, 10:22:06 PM »
      I noticed that you didn't remove Weatherbug as I suggested and that's fine if you're partial to it, after all it's your computer. Although by definition it isn't spyware the free version is technically adware.

      *note - you might want to print this out

      First reboot your computer and let Spybot run again, it's set to delete a couple of files and do another scan during the next restart. After that's done, turn off system restore. That will prevent any malware from being restored by Windows after it is removed.

      Reboot your computer again and go into safe mode (hit F8 during startup and use the up and down arrow keys to choose safe mode). Run HJT again and put a check next to the following entries:

      R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://qwertysearch123.biz/?id=1017
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\blank.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\blank.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qwertysearch123.biz/?id=1017
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://qwertysearch123.biz/?id=1017
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qwertysearch123.biz/?id=1017
      O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll
      O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Video Add-on\isfmntr.exe
      O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Video Add-on\icthis.exe
      O19 - User stylesheet:  (file missing)
      O20 - AppInit_DLLs: avpcc.dll
      O23 - Service: Network Security Service (NSS)  - Unknown owner - C:\WINDOWS\system32\sysjo32.exe (file missing)

      Click the "Fix checked" button

      Now browse to the C:\WINDOWS\system32 directory and delete the following files:

      blank.html
      searchbar.html
      avpcc.dll

      Delete the following folder:

      C:\Program Files\Online Video Add-on

      Reboot back into normal mode. Go to C:\Desktop and rename HiJackThis_v2.exe to something else (e.g. cjb445.exe) and run another scan. Post the new log file.

      BTW, I know this seems repetitive and tedious but we have to get rid of all these infections BEFORE we can even begin to deal with your original problem.

      - JPH



      « Last Edit: October 08, 2007, 02:45:07 AM by JPH »
      Logged

      cjb445

      • Guest
      Re: Can't right click.
      « Reply #21 on: October 08, 2007, 02:09:13 PM »
      I did try to delete weatherbug. Also as you can see these files keep coming back. Aaaaah! Although video add-on is now gone. yippee. qwertysearch123 still there? What next?
      New log part 1
      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 2:59:40 PM, on 10/8/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Microsoft Hardware\Mouse\point32.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      C:\sj652\hpupdate.exe
      C:\WINDOWS\System32\DSentry.exe
      C:\WINDOWS\BCMSMMSG.exe
      C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Napster\napster.exe
      C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\DellSupport\DSAgnt.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
      C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Desktop\cjb445.exe
      C:\WINDOWS\system32\cidaemon.exe
      Logged

      cjb445

      • Guest
      Re: Can't right click.
      « Reply #22 on: October 08, 2007, 02:11:11 PM »
      part 2
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://qwertysearch123.biz/?id=1017
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\blank.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\blank.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qwertysearch123.biz/?id=1017
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://qwertysearch123.biz/?id=1017
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qwertysearch123.biz/?id=1017
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
      O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - (no file)
      O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [POINTER] point32.exe
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
      O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
      O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
      O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
      O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
      O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
      O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\RunOnce: [SpybotDeletingA6554] command /c del "C:\Documents and Settings\CHARLENE\Local Settings\Temp\laf1.exe_old"
      O4 - HKLM\..\RunOnce: [SpybotDeletingC5455] cmd /c del "C:\Documents and Settings\CHARLENE\Local Settings\Temp\laf1.exe_old"
      O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
      O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
      O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
      O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {5B8DED15-6FC1-4044-A923-F8CE2EAB40B7} (SpecoRemote Control) - http://63.94.247.90:9101/SpecoRemote.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131682824781
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
      O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
      O20 - AppInit_DLLs: avpcc.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
      O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
      O23 - Service: Network Security Service (NSS) (?%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\sysjo32.exe (file missing)

      --
      End of file - 10122 bytes
       
      Also tried to delete avpcc.dll but could not. access denied an could not find blank.html ?
      Logged

      JPH



        Intermediate

        • Experience: Experienced
        • OS: Windows 7
        Re: Can't right click.
        « Reply #23 on: October 08, 2007, 04:28:47 PM »
        Let's try this. Download the free version of SUPERAntiSpyware. Install it and click yes when prompted to check for updates. On the main page click on "Preferences" and then "Scanning Control." Check both "Close browser before scanning" and "Terminate memory threats before quarantining." Now boot into safe mode again, open SUPERAntiSpyware and click on Scan my computer. Do a complete scan and make sure there is a check next to everything it finds then click next then finish.

        Go back to Preferences > Statistics/Logs and view the log file, it will open in notepad. Do a File > Save As and save a copy of the log somewhere you can easily find it again. Boot back into normal mode and then post the SAS log file here.

        - JPH
        Logged

        programming_pat



          Apprentice

        • I like Rabbits and Guinea pigs
          Re: Can't right click.
          « Reply #24 on: October 08, 2007, 04:49:42 PM »
          Did this happen suddenly or has it alwys been happening?
          Logged

          cjb445

          • Guest
          Re: Can't right click.
          « Reply #25 on: October 08, 2007, 08:36:06 PM »
          The problem started about 1 yr ago.
          Completed download and scan of Superantispyware.
          But log is waaaay to big to post.
          do you want to see the new Hijack log?
          Still have double icons and can't right click on background.
          Logged

          JPH



            Intermediate

            • Experience: Experienced
            • OS: Windows 7
            Re: Can't right click.
            « Reply #26 on: October 08, 2007, 08:51:29 PM »
            Way too big to post?  ;D
            Good then, that means it removed tons of bad stuff.

            Yes please post the new log file.

            - JPH
            Logged

            cjb445

            • Guest
            Re: Can't right click.
            « Reply #27 on: October 09, 2007, 10:29:10 AM »
            New log some of these files just won't go away :-\
            Part 1
            Logfile of Trend Micro HijackThis v2.0.0 (BETA)
            Scan saved at 11:27:47 AM, on 10/9/2007
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\cisvc.exe
            C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
            C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
            c:\program files\common files\mcafee\mna\mcnasvc.exe
            C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
            C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
            c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
            C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
            C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
            C:\Program Files\McAfee\MPF\MPFSrv.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\cidaemon.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\Program Files\Microsoft Hardware\Mouse\point32.exe
            C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
            C:\sj652\hpupdate.exe
            C:\WINDOWS\System32\DSentry.exe
            C:\WINDOWS\BCMSMMSG.exe
            C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
            C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\Program Files\Napster\napster.exe
            C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\PROGRA~1\mcafee.com\agent\mcagent.exe
            C:\Program Files\MSN Messenger\msnmsgr.exe
            C:\Program Files\DellSupport\DSAgnt.exe
            C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
            C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Program Files\Real\RealOne Player\RealPlay.exe
            C:\Program Files\Digital Line Detect\DLG.exe
            C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
            C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
            C:\Program Files\MSN Messenger\usnsvc.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Desktop\cjb445.exe

            Logged

            cjb445

            • Guest
            Re: Can't right click.
            « Reply #28 on: October 09, 2007, 10:30:28 AM »
            Part 2. Thanks for your help!
            R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://qwertysearch123.biz/?id=1017
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\blank.html
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\system32\blank.html
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qwertysearch123.biz/?id=1017
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://qwertysearch123.biz/?id=1017
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://qwertysearch123.biz/?id=1017
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
            O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - (no file)
            O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
            O4 - HKLM\..\Run: [POINTER] point32.exe
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
            O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
            O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
            O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
            O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
            O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
            O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
            O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
            O4 - HKLM\..\RunOnce: [SpybotDeletingA6554] command /c del "C:\Documents and Settings\CHARLENE\Local Settings\Temp\laf1.exe_old"
            O4 - HKLM\..\RunOnce: [SpybotDeletingC5455] cmd /c del "C:\Documents and Settings\CHARLENE\Local Settings\Temp\laf1.exe_old"
            O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
            O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
            O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
            O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
            O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: Digital Line Detect.lnk = ?
            O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
            O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
            O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
            O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
            O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
            O16 - DPF: {5B8DED15-6FC1-4044-A923-F8CE2EAB40B7} (SpecoRemote Control) - http://63.94.247.90:9101/SpecoRemote.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131682824781
            O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
            O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
            O20 - AppInit_DLLs: avpcc.dll
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
            O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
            O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
            O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
            O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
            O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
            O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
            O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
            O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
            O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
            O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
            O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
            O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
            O23 - Service: Network Security Service (NSS) (?%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\sysjo32.exe (file missing)

            --
            End of file - 10481 bytes
            Logged

            JPH



              Intermediate

              • Experience: Experienced
              • OS: Windows 7
              Re: Can't right click.
              « Reply #29 on: October 09, 2007, 11:53:01 AM »
              Download CWShredder. Run it, click the fix button and then post a new log file.

              - JPH
              Logged
              Pages: 1 [2] 3 4  All   Go Up
              « previous next »