I need serious help!

Started by Mrsjrich, Apr 07 2007 12:07 AM

Next

You cannot reply to this topic

28 replies to this topic

#1 OFFLINE Mrsjrich

Member

Members
15 posts

Posted 07 April 2007 - 12:07 AM

I am at my witz end. I don't have desktop icons, I don't have a taskbar. I am excuting all of my programs by clicking CTRL +ALT+DEL . I have read several articles, I have asked countless questions, but nothing seems to help.

Just so you are aware of what I have performed here goes:

have ran countless spyware and virus programs. The majority suggest that my computer is in excellent condition (prev, mcafee, windows defender, aol spyware)

However some programs such as regcure sugges that I have over 330 errors, another program suggested that I had a trojan, however in order to clean it, i needed to purchase the program.

How come these programs which state that my computer is in an excellent condition does not pick up on these errors.

if there are no virus, spyware or trojans on my computer then why is it so difficult to get my taskbar displayed as well as the desktop icons.

my desktop folder has the icons listed. I have gone through task manager and ran a new task by entering Explorer.exe but nothing happens. If i right click on the desk top (which shows my background theme but nothing else) not happens. nothing.

Can anyone help me.
I have also included alog stating "is this a virus"

Attached Files

isthisavirus.txt 285.89K 5 downloads

Back to top

#2 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 07 April 2007 - 12:26 AM

Can you please post a hijackthis log?
Once I get that log we can start cleaning this up.

Back to top

#3 OFFLINE Mrsjrich

Member

Members
15 posts

Posted 07 April 2007 - 12:42 AM

rridgely, on Apr 7 2007, 12:26 AM, said:

Can you please post a hijackthis log?
Once I get that log we can start cleaning this up.

how do I do that?

Back to top

#4 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 07 April 2007 - 12:44 AM

You download the program here:
http://www.filehippo...oad_hijackthis/

Just click the program and when it opens choose to "scan and save log file". A text file will pop up after the scan and all you have to do is copy and paste that onto the forum.

Back to top

#5 OFFLINE Mrsjrich

Member

Members
15 posts

Posted 07 April 2007 - 12:56 AM

thanks..

here is the the log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:53:52 PM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1175664859\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\1175664859\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1175664859\ee\aolsoftware.exe
c:\program files\common files\aol\1175664859\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Tashua\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175664859\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] D:\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1175664859\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\Tashua\Desktop\4F56D76.exe" -scan
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1175664859\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - D:\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe

--
End of file - 9475 bytes

Back to top

#6 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 07 April 2007 - 01:10 AM

Download ComboScan to your Desktop

Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt
A folder Comboscan will also open which contains the Comboscan.txt and a Supplementary.txt.
Copy and paste the contents of ComboScan.txt in your next reply.
Extra Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow the Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Download Superantispyware

Load Superantispyware and click the check for updates button.
Once the update is finished click the scan your computer button.
Check Perform Complete Scan and then next.
Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
Copy and paste the log onto the forum.

I want you to run both of those and come back with the logs.
In addition to that post a new hijackthis log.

Back to top

#7 OFFLINE Mrsjrich

Member

Members
15 posts

Posted 07 April 2007 - 03:35 AM

ok, Sorry for the delay

Here is the Comboscan.txtComboScan v20070306.20 run by Jeremiah on 2007-04-06 at 19:51:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.

-- Last 5 Restore Point(s) --
23: 2007-04-07 02:51:35 UTC - RP158 - ComboScan Restore Point
22: 2007-04-06 21:47:42 UTC - RP157 - Removed URGE
21: 2007-04-06 07:13:11 UTC - RP156 - Software Distribution Service 2.0
20: 2007-04-06 00:16:43 UTC - RP155 - Software Distribution Service 2.0
19: 2007-04-05 22:29:04 UTC - RP154 - Software Distribution Service 2.0

-- First Restore Point --
1: 2007-03-07 06:27:12 UTC - RP136 - System Checkpoint

Performed disk cleanup.

-- HijackThis (run as Jeremiah.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:53:09 PM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1175664859\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
D:\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\1175664859\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1175664859\ee\aolsoftware.exe
c:\program files\common files\aol\1175664859\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Tashua\Desktop\comboscan.exe
C:\PROGRA~1\HIJACK~1\Jeremiah.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175664859\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] D:\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1175664859\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\Tashua\Desktop\4F56D76.exe" -scan
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1175664859\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - D:\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3S ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3S b57w2k (Broadcom NetXtreme Gigabit Ethernet) - C:\WINDOWS\system32\drivers\b57xp32.sys
3R bcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver) - C:\WINDOWS\system32\drivers\bcm4sbxp.sys
3S BthEnum (Bluetooth Request Block Driver) - C:\WINDOWS\system32\drivers\BthEnum.sys
3S BthPan (Bluetooth Device (Personal Area Network)) - C:\WINDOWS\system32\drivers\bthpan.sys
3S BTHPORT (Bluetooth Port Driver) - C:\WINDOWS\system32\drivers\bthport.sys
3S BTHUSB (Bluetooth Radio USB Driver) - C:\WINDOWS\system32\drivers\BTHUSB.SYS
3R CAMCAUD (Conexant AMC Audio) - C:\WINDOWS\system32\drivers\camcaud.sys
3R CAMCHALA - C:\WINDOWS\system32\drivers\camchal.sys
1R Cdr4_xp - C:\WINDOWS\system32\drivers\cdr4_xp.sys
1R Cdralw2k - C:\WINDOWS\system32\drivers\cdralw2k.sys
3S dalwdmservice (dal service) - C:\WINDOWS\system32\drivers\Dalwdm.sys
0R DigiFilter - C:\WINDOWS\system32\drivers\DigiFilt.sys
3R DKbFltr (Dritek HotKey Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\DKbFltr.SYS
3S EntDrv51 - C:\WINDOWS\system32\drivers\EntDrv51.sys
2R EpmPsd (Acer EPM Power Scheme Driver) - C:\WINDOWS\system32\drivers\epm-psd.sys
2R EpmShd (Acer EPM System Hardware Driver) - C:\WINDOWS\system32\drivers\epm-shd.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWICH - C:\WINDOWS\system32\drivers\HSFHWICH.sys
3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
2R irda (IrDA Protocol) - C:\WINDOWS\system32\drivers\irda.sys
3S MBX2DFU - C:\WINDOWS\system32\drivers\mbx2dfu.sys
3S MBX2MIDK (Digidesign Mbox 2 Midi Driver) - C:\WINDOWS\system32\drivers\mbx2midk.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R NaiAvFilter1 - C:\WINDOWS\system32\drivers\naiavf5x.sys
3S NaiFiltr - C:\WINDOWS\system32\drivers\NaiFiltr.sys
3S NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3S NSCIRDA (NSC Infrared Device Driver) - C:\WINDOWS\system32\drivers\nscirda.sys
3R NTIDrvr (Upper Class Filter Driver) - C:\WINDOWS\system32\drivers\NTIDrvr.sys
0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
2R osaio - C:\WINDOWS\system32\drivers\osaio.sys
2R osanbm - C:\WINDOWS\system32\drivers\osanbm.sys
0R PrevxDriver (PREVX Kernel Mode Agent) - C:\WINDOWS\system32\drivers\pxfsf.sys
3R PREVXEmulator (PREVX Emulator driver) - C:\WINDOWS\system32\drivers\PxEmu.sys
1R PREVXTdi (PREVX TDI filter) - C:\WINDOWS\system32\drivers\pxtdi.sys
1R PXRDDriver (PREVX Rootkitscan driver) - C:\WINDOWS\system32\drivers\PxRD.sys
3R Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
3S RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) - C:\WINDOWS\system32\drivers\rfcomm.sys
3R SMBBATT (Microsoft Smart Battery Driver) - C:\WINDOWS\system32\drivers\smbbatt.sys
1R SMBHC (Microsoft SM Bus Host Controller Driver) - C:\WINDOWS\system32\drivers\smbhc.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
3S tifm21 - C:\WINDOWS\system32\drivers\tifm21.sys
0R TPkd - C:\WINDOWS\system32\drivers\TPkd.sys
1R UBHelper (MRW remapping) - C:\WINDOWS\system32\drivers\UBHelper.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R w22n51 (Intel® PRO/Wireless 2200 Adapter Driver) - C:\WINDOWS\system32\drivers\w22n51.sys
3S w29n51 (Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP) - C:\WINDOWS\system32\drivers\w29n51.sys
3R wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\drivers\wanatw4.sys
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2R anbmService (Notebook Manager Service) - C:\Acer\eManager\anbmServ.exe
2R AOL ACS (AOL Connectivity Service) - "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
2R AOL TopSpeedMonitor (AOL TopSpeed Monitor) - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
2R aolavupd (AOL Antivirus Update Service) - "C:\Program Files\Common Files\AOL\1175664859\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe"
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2S Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2R BthServ (Bluetooth Support Service) - C:\WINDOWS\system32\svchost.exe -k bthsvcs
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R DigiRefresh (Digidesign MME Refresh Service) - D:\Digidesign\Drivers\MMERefresh.exe -s
3S digiSPTIService - "D:\Digidesign\Pro Tools\digiSPTIService.exe"
2S Fax - C:\WINDOWS\system32\fxssvc.exe
3S FontCache3.0.0.0 (Windows Presentation Foundation Font Cache 3.0.0.0) - c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S idsvc (Windows CardSpace) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
3S iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R Irmon (Infrared Monitor) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R ITMRTSVC (CA Pest Patrol Realtime Protection Service) - "C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe"
2S McShield (McAfee McShield) - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
3S mcupdmgr.exe (McAfee SecurityCenter Update Manager) - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
2S MCVSRte (McAfee.com VirusScan Online Realtime Engine) - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
4S NetTcpPortSharing (Net.Tcp Port Sharing Service) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
2R PREVXAgent (Prevx Agent) - "C:\Program Files\Prevx1\PXAgent.exe" -f
2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"

-- Scheduled Tasks -------------------------------------------------------------

2007-04-06 19:16:16 500 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (ACER-3F05B2AF82-Jeremiah).job<MCAFEE~1.JOB>
2007-04-06 17:00:04 444 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job<REGCUR~1.JOB>
2007-04-06 16:12:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-04-06 16:11:32 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-04-04 15:38:54 378 --a------ C:\WINDOWS\Tasks\RegCure.job

-- Files created between 2007-03-06 and 2007-04-06 -----------------------------

2007-04-06 17:15:11 0 d-------- C:\WINDOWS\BDOSCAN8
2007-04-06 17:15:03 0 d-------- C:\WINDOWS\LastGood
2007-04-06 16:06:27 0 d-------- C:\Documents and Settings\Jeremiah\Application Data\Prevx
2007-04-06 16:06:21 101120 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2007-04-06 16:06:20 7680 --a------ C:\WINDOWS\system32\pxinst.dll
2007-04-06 16:06:20 19200 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2007-04-06 16:06:18 290816 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2007-04-06 16:06:18 8192 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2007-04-06 16:05:37 0 d-------- C:\Program Files\Prevx1
2007-04-06 16:05:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-04-06 16:05:06 13952 --a------ C:\WINDOWS\system32\drivers\PxRD.sys
2007-04-06 16:04:55 77312 --a------ C:\WINDOWS\ua2.dll
2007-04-06 15:50:43 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-05 17:31:02 0 d-------- C:\Program Files\MSBuild
2007-04-05 17:27:49 0 d-------- C:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-04-05 17:27:07 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-04-05 17:26:04 14048 -----n--- C:\WINDOWS\system32\spmsg2.dll
2007-04-05 17:25:34 0 d-------- C:\8075caef4a574f359c<8075CA~1>
2007-04-05 17:13:53 36352 -----n--- C:\WINDOWS\system32\tsgqec.dll
2007-04-05 17:13:53 288768 -----n--- C:\WINDOWS\system32\rhttpaa.dll
2007-04-05 17:13:53 116736 -----n--- C:\WINDOWS\system32\aaclient.dll
2007-04-05 15:33:19 23296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2007-04-05 15:33:02 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-04-05 15:32:51 279624 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-04-05 15:32:50 341064 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-04-05 15:26:01 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-05 01:42:12 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-04-04 21:58:21 0 d-------- C:\Documents and Settings\Tashua\Application Data\Apple Computer<APPLEC~1>
2007-04-04 21:57:00 0 d-------- C:\Documents and Settings\Tashua\Application Data\Viewpoint<VIEWPO~1>
2007-04-04 21:56:53 0 d-------- C:\Documents and Settings\Tashua\Application Data\AOL
2007-04-04 17:12:57 0 d-------- C:\Documents and Settings\Tashua\Application Data\Google
2007-04-04 16:48:37 0 d-------- C:\Program Files\LimeWire
2007-04-04 16:47:54 0 d-------- C:\Documents and Settings\Jeremiah\.limewire<LIMEWI~1>
2007-04-04 16:46:38 359112 --a------ C:\LimeWireWin.exe<LIMEWI~1.EXE>
2007-04-04 16:13:15 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-04-04 16:12:45 1003520 --a------ C:\WINDOWS\system32\VchReg.dll
2007-04-04 16:12:42 0 d-------- C:\Program Files\SpywareDetector<SPYWAR~1>
2007-04-04 15:54:10 0 d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware<PARETO~1>
2007-04-04 15:38:48 0 d-------- C:\Program Files\RegCure
2007-04-04 15:21:33 0 d-------- C:\WINDOWS\WBEM
2007-04-04 15:21:30 0 d-------- C:\WINDOWS\system32\en-US
2007-04-04 15:18:11 0 d--h----- C:\WINDOWS\ie7
2007-04-04 15:14:11 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-04-04 14:46:47 524288 --ah----- C:\Documents and Settings\Tashua\ntuser.dat
2007-04-04 14:33:56 0 d--hs---- C:\FOUND.003
2007-04-04 03:03:11 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-04-04 03:01:57 0 d-------- C:\c5d2383196dc4c09fc06331c1194<C5D238~1>
2007-04-04 02:21:43 0 d-------- C:\Documents and Settings\Guest\Application Data\Viewpoint<VIEWPO~1>
2007-04-04 02:21:36 0 d-------- C:\Documents and Settings\Guest\Application Data\AOL
2007-04-04 02:07:21 0 d-------- C:\Program Files\CA
2007-04-04 02:06:56 8448 --a------ C:\WINDOWS\system32\drivers\EntDrv51.sys
2007-04-04 02:06:03 41018 --a------ C:\WINDOWS\system32\EntAPI.dll
2007-04-04 02:06:01 114464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-04-04 02:05:28 0 d-------- C:\Program Files\Common Files\McAfee
2007-04-04 02:05:10 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-04-04 02:05:07 0 d-------- C:\Program Files\mcafee.com
2007-04-04 01:25:15 306720 --a------ C:\DNLDSSC.exe
2007-04-04 01:20:57 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads<AOLDOW~1>
2007-04-04 01:11:14 0 d-------- C:\Program Files\Common Files\Scanner
2007-04-03 22:53:07 0 d-------- C:\Program Files\iPod
2007-04-03 22:53:04 0 d-------- C:\Program Files\iTunes
2007-04-03 22:50:59 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-04-03 22:45:56 37860928 --a------ C:\iTunesSetup.exe<ITUNES~1.EXE>
2007-04-03 22:44:46 0 d-------- C:\Program Files\AOL
2007-04-03 22:38:28 0 d-------- C:\Documents and Settings\Jeremiah\Application Data\Viewpoint<VIEWPO~1>
2007-04-03 22:37:03 0 d-------- C:\Documents and Settings\Jeremiah\Application Data\AOL
2007-04-03 22:36:39 0 d-------- C:\Install ICQ<INSTAL~2>
2007-04-03 22:36:26 0 d-------- C:\Install iTunes<INSTAL~1>
2007-04-03 22:36:23 0 d-------- C:\AOL Instant Messenger<AOLINS~1>
2007-04-03 22:36:18 0 d-------- C:\MAV
2007-04-03 22:36:17 0 d-------- C:\aolextras<AOLEXT~1>
2007-04-03 22:36:08 173184 --a------ C:\WINDOWS\system32\ygpss.scr
2007-04-03 22:36:08 0 d-------- C:\Documents and Settings\Jeremiah\Application Data\You've Got Pictures Screensaver<YOU'VE~1>
2007-04-03 22:35:38 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll<SIMPLE~1.DLL>
2007-04-03 22:35:38 10752 --a------ C:\WINDOWS\system32\aamd532.dll
2007-04-03 22:35:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks<PURENE~1>
2007-04-03 22:35:29 0 d-------- C:\Program Files\Pure Networks<PURENE~1>
2007-04-03 22:34:52 0 d-------- C:\Program Files\AOL Deskbar<AOLDES~1>
2007-04-03 22:34:41 0 d-------- C:\Program Files\Common Files\AolCoach
2007-04-03 22:34:15 0 d-------- C:\Program Files\America Online 9.0a<AMERIC~1.0A>
2007-04-03 22:32:57 0 d--h----- C:\TEMP
2007-04-03 22:16:05 0 d-------- C:\Program Files\PeoplePC Accelerated<PEOPLE~1>
2007-04-03 22:15:19 34660 --a------ C:\WINDOWS\system32\ppaluninst.exe<PPALUN~1.EXE>
2007-04-03 22:15:09 62464 -----n--- C:\WINDOWS\system32\unPPC6000.exe<UNPPC6~1.EXE>
2007-04-03 22:15:09 67584 -----n--- C:\WINDOWS\system32\unPPC.exe
2007-04-03 22:15:09 28672 -----n--- C:\WINDOWS\system32\RegHero.exe
2007-04-03 22:15:09 45056 --a------ C:\WINDOWS\system32\ppcwebi.dll
2007-04-03 22:15:09 37376 --a------ C:\WINDOWS\system32\PPCOUNIN.exe
2007-04-03 22:15:09 18432 -----n--- C:\WINDOWS\system32\PPCInfo.exe
2007-04-03 22:15:09 10752 -----n--- C:\WINDOWS\system32\PopWait.exe
2007-04-03 22:15:09 84992 -----n--- C:\WINDOWS\system32\ATL70.dll
2007-04-03 22:15:09 0 d-------- C:\Program Files\PeoplePC
2007-03-08 14:06:56 722992 --a------ C:\aolsetup.exe
2007-03-06 22:54:44 991232 --a------ C:\WINDOWS\system32\W22MLRES.dll

-- Find3M Report ---------------------------------------------------------------

2007-04-06 16:07:28 12 --a------ C:\WINDOWS\bthservsdp.dat<BTHSER~1.DAT>
2007-03-08 08:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 08:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-01-29 01:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"="cmd.exe /C \"cscript %systemroot%\\Installer\\TSClientMsiTrans\\tscuinst.vbs\""
"MPlayer2_FixUp"="C:\\WINDOWS\\inf\\unregmp2.exe /Fixups"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1175664859\\ee\\AOLSoftware.exe"
"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
"EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"DigidesignMMERefresh"="D:\\Digidesign\\Drivers\\MMERefresh.exe"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1175664859\\ee\\services\\safetyCore\\ver210_5_4_1\\AOLSP Scheduler.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"NetFxUpdate_v1.1.4322"="\"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\netfxupdate.exe\" 1 v1.1.4322 GAC + NI NID"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"CleanUp"="C:\\PROGRA~1\\McAfee.com\\Shared\\mcappins.exe /v=3 /cleanup"
"PrevxRootkitRemovalTool"="\"C:\\Documents and Settings\\Tashua\\Desktop\\4F56D76.exe\" -scan"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"item"="SunJavaUpdateSched"
"command"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"hkey"="HKLM"
"key"="Run"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClassicShell"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
bthsvcs REG_MULTI_SZ BthServ\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PREVXDRIVER
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PREVXEMULATOR
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PREVXTDI
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PXRDDRIVER

-- Hosts -----------------------------------------------------------------------

66.98.136.25 auto.search.msn.com
66.98.136.25 auto.search.msn.es
66.98.136.25 auto.search.msn.com
66.98.136.25 auto.search.msn.es

-- End of ComboScan: finished at 2007-04-06 at 19:53:39 ------------------------

I have to reboot for the Superspyway software so I will be back to post its log, and and hijack log as well. thanks

Back to top

#8 OFFLINE Mrsjrich

Member

Members
15 posts

Posted 07 April 2007 - 03:47 AM

SUPERAntiSpyware Scan Log
Generated 04/06/2007 at 08:30 PM

Application Version : 3.6.1000

Core Rules Database Version : 3215
Trace Rules Database Version: 1225

Scan type : Complete Scan
Total Scan Time : 00:25:36

Memory items scanned : 448
Memory threats detected : 0
Registry items scanned : 5287
Registry threats detected : 0
File items scanned : 32636
File threats detected : 191

Adware.Tracking Cookie
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@realmedia[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@primediabusiness.122.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-traderpublishing.hitbox[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@revsci[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@statcounter[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@lenovo.112.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@coxhsi.112.2o7[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@h.starware[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@microsofteup.112.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@network.realmedia[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@efashionsolutions.122.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@www.puristat[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@adrevolver[3].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@cgi-bin[3].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@adserving.autotrader[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ad.yieldmanager[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@apmebf[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@tacoda[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@www.macromedia[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@adknowledge[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@cbs.112.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@clickbank[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@trafficmp[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@oddcast[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@70930481[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@click.cashengines[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@mb[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@myfamily.112.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@fastclick[3].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@questionmarket[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@www.adtrak[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@16847762[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ford.112.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@mediaplex[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@entrepreneur[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@overture[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@adrevolver[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@a.websponsors[3].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@keywordmax[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@offeroptimizer[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-moneymanagement.hitbox[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-vonage.hitbox[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ads.web.aol[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@www.googleadservices[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@casalemedia[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@edge.ru4[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@dist.belnk[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@creditpaymentservices.122.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@www.entrepreneur[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ads.pointroll[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@focalex[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@try.starware[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@anad.tacoda[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@doubleclick[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@commission-junction[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@tremor.adbureau[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@nextag[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@tribalfusion[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@bookspan.122.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@citi.bridgetrack[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@z1.adserver[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@adserver1.christianadserver[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@superstats[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@maxserving[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@as-us.falkag[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@tradedoubler[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@sales.liveperson[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@statse.webtrendslive[3].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ads.addynamix[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@hitbox[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@bluestreak[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ads.realtechnetwork[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@data2.perf.overture[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@serving-sys[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@banner.32vegas[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@247realmedia[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@perf.overture[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@anat.tacoda[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@webstat[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@20415[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@adv.webmd[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@analytics.clickpathmedia[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@cgi-bin[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@embarq.112.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@cgi-bin[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@optimost[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@adinterax[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@precisionclick[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@vhost.oddcast[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@belnk[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@revenue[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@2o7[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@zedo[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@1069561984[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@adopt.euroclick[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@burstnet[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@bizrate[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@data1.perf.overture[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@atdmt[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@login.tracking101[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@80570461[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-bestwestern.hitbox[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@msnportal.112.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@adbrite[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@qksrv[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@adopt.specificclick[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@advertising[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@atwola[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@rentclicks[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@profile.myspace[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@media.fastclick[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@adecn[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@server.iad.liveperson[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-pizzahut.hitbox[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@cpvfeed[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-directv.hitbox[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@s.clickability[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@stats[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ar.atwola[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@estat[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@www.googleadservices[3].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-autotrader.hitbox[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@stat.dealtime[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@banner[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-vmixmediainc.hitbox[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@homestore.122.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@admarketplace[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@data3.perf.overture[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@azjmp[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@blessedherbs.122.2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-cisco.hitbox[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@server.iad.liveperson[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@media.adrevolver[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@paytrack[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@www.adultplayersclub[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@clicksor[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@30322322[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@smileycentral[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@offers.intermediainteractive[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@tracker.myspacemaps[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@onlinerewardcenter[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@valueclick[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@reduxads.valuead[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@www.googleadservices[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@81792010[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@cz6.clickzs[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@bs.serving-sys[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@rotator.adjuggler[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ads.revsci[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-traderelectronicmedia.hitbox[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@24292[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@server2.bkvtrack[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@phg.hitbox[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@og.advertserve[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@www.ezytrack[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@kanoodle[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@v7.stats.load[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg-discoverynetwork.hitbox[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@ehg.hitbox[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@mb[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@www.burstbeacon[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@specificclick[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@stats.manticoretechnology[1].txt
C:\Documents and Settings\NetworkService\Cookies\jeremiah@2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@fastclick[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@bluestreak[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@2o7[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@a.websponsors[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@statse.webtrendslive[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@fastclick[1].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@statse.webtrendslive[2].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@bluestreak[3].txt
C:\Documents and Settings\Jeremiah\Cookies\jeremiah@2o7[3].txt
C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@edge.ru4[1].txt
C:\Documents and Settings\Guest\Cookies\guest@sales.liveperson[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-chrysler.hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@hitbox[2].txt
C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt
C:\Documents and Settings\Tashua\Cookies\tashua@mediaplex[1].txt
C:\Documents and Settings\Tashua\Cookies\tashua@2o7[1].txt
C:\Documents and Settings\Tashua\Cookies\tashua@atwola[1].txt
C:\Documents and Settings\Tashua\Cookies\tashua@revsci[1].txt
C:\Documents and Settings\Tashua\Cookies\tashua@advertising[1].txt
C:\Documents and Settings\Tashua\Cookies\tashua@doubleclick[2].txt
C:\Documents and Settings\Tashua\Cookies\tashua@ads.web.aol[2].txt

And HiJack...

Logfile of HijackThis v1.99.1
Scan saved at 8:49:41 PM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1175664859\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
D:\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\1175664859\ee\aolsoftware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\AOL\1175664859\ee\aolsoftware.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\aol\1175664859\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175664859\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] D:\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1175664859\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\Tashua\Desktop\4F56D76.exe" -scan
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1175664859\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - D:\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

Back to top

#9 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 07 April 2007 - 04:51 PM

Open hijackthis and do a system scan. Then check off the following entries:

O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es

Next press "fix checked" and then exit hijackthis.
-------

Press Control, Alt & Delete to bring up Task Manager and goto the Applications tab, click New Task then Copy and paste this into the New Task window

cmd /c reg.exe query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s>%systemdrive%\Result.txt && notepad %systemdrive%\Result.txt

Press OK and it will export some information from your registry and save it to a text file named Result.txt which will save to C:\Drive and also open in Notepad, please copy and paste the contents of that text file back on here

-------

Go back to Task Manager > Applications > New Task and then copy and paste this

cmd /c dir /b/s/a-d %systemdrive%\explorer.exe>%systemdrive%\checkfile.txt && notepad %systemdrive%\checkfile.txt

Press OK and it will check the system for explorer.exe and write the location into a notepad file named checkfile.txt which will save to C:\Drive and also open in Notepad, copy and paste the results back on here

---------

Next generate a list of the Add/Remove screen entries so we can make sure there isnt any problems showing

Open Hijackthis, and click the Misc Tools button.
Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

Back to top

#10 OFFLINE Mrsjrich

Member

Members
15 posts

Posted 07 April 2007 - 05:19 PM

here are all the results as requested.

Result.txt

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
ApplicationGoo REG_BINARY 140200001002000000020000900434000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100000007000B000000000007000B0000003F000000020000000400010001000000000000000000000000000000440000000100560061007200460069006C00650049006E0066006F00000000002400040000005400720061006E0073006C006100740069006F006E00000000000904E404F0030000010053007400720069006E006700460069006C00650049006E0066006F000000CC03000001003000340030003900300034004500340000004A001900010043006F006D006D0065006E007400730000004300720079007300740061006C002000530051004C002000440065007300690067006E0065007200200037002E0030000000000088003400010043006F006D00700061006E0079004E0061006D006500000000005300650061006700610074006500200053006F00660074007700610072006500200049006E0066006F0072006D006100740069006F006E0020004D0061006E006100670065006D0065006E0074002000470072006F00750070002C00200049006E0063002E000000AE00450001004C006500670061006C0043006F007000790072006900670068007400000043006F0070007900720069006700680074002000280063002900200031003900390031002D003100390039001000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
ApplicationGoo REG_BINARY 5409000054020000000200008C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000200A8112E0400000200A8112E0400003F000000200000000400000001000000000000000000000000000000EC020000010053007400720069006E006700460069006C00650049006E0066006F000000C8020000010030003000300030003000340062003000000038001000010043006F006D006D0065006E007400730000004F007200690067006E0061006C002000560065007200730069006F006E00000042001100010043006F006D00700061006E0079004E0061006D006500000000005300410050002000410047002C002000570061006C006C0064006F0072006600000000005A0019000100460069006C0065004400650073006300720069007000740069006F006E00000000005300410050002000460072006F006E00740065006E006400200066006F0072002000570069006E0064006F0077007300000000003C000E000100460069006C006500560065007200730069006F006E000000000034003500320030002E0032002E0030002E003100300037003000000032000900010049006E007400650072006E0061006C004E0061006D0065000000460045005700460052004F004E005400000000007A002B0001004C006500670061006C0043006F007000790072006900670068000200000000000000010000004C0000003CFD0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006B00200033000000230054020000000200008C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE0000010003009E112604000003009E11260400003F000000200000000400000001000000000000000000000000000000EC020000010053007400720069006E006700460069006C00650049006E0066006F000000C8020000010030003000300030003000340062003000000038001000010043006F006D006D0065006E007400730000004F007200690067006E0061006C002000560065007200730069006F006E00000042001100010043006F006D00700061006E0079004E0061006D006500000000005300410050002000410047002C002000570061006C006C0064006F0072006600000000005A0019000100460069006C0065004400650073006300720069007000740069006F006E00000000005300410050002000460072006F006E00740065006E006400200066006F0072002000570069006E0064006F0077007300000000003C000E000100460069006C006500560065007200730069006F006E000000000034003500310030002E0033002E0030002E003100300036003200000032000900010049006E007400650072006E0061006C004E0061006D0065000000460045005700460052004F004E005400000000007A002B0001004C006500670061006C0043006F007000790072006900670068000200000000000000010000004C0000003CFD0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006B0020003300000023005402000000020000200334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE0000010000000400F003000000000400F00300003F0000000000000004000100010000000000000000000000000000007E020000010053007400720069006E006700460069006C00650049006E0066006F0000005A02000001003000340030003900300034004500340000002E000700010043006F006D00700061006E0079004E0061006D00650000000000530041005000200041004700000000005A0019000100460069006C0065004400650073006300720069007000740069006F006E00000000005300410050002000460072006F006E00740065006E006400200066006F0072002000570069006E0064006F00770073000000000036000B000100460069006C006500560065007200730069006F006E000000000034002E0030002E0030002E003100300030003800000000002C000600010049006E007400650072006E0061006C004E0061006D0065000000460052004F004E00540000005E001D0001004C006500670061006C0043006F007000790072006900670068007400000043006F0070007900720069006700680074002000A900200031003900390033002D0031003900390037002000530041005000200041004700000000002800000001004C006500670061006C0054007200610064000200000000000000010000004C0000003CFD0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006B0020003300000023005402000000020000180334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE0000010000000400DD03000000000400DD0300003F00000000000000040001000100000000000000000000000000000078020000010053007400720069006E006700460069006C00650049006E0066006F0000005402000001003000340030003900300034004500340000002E000700010043006F006D00700061006E0079004E0061006D00650000000000530041005000200041004700000000005A0019000100460069006C0065004400650073006300720069007000740069006F006E00000000005300410050002000460072006F006E00740065006E006400200066006F0072002000570069006E0064006F00770073000000000034000A000100460069006C006500560065007200730069006F006E000000000034002E0030002E0030002E0039003800390000002C000600010049006E007400650072006E0061006C004E0061006D0065000000460052004F004E00540000005E001D0001004C006500670061006C0043006F007000790072006900670068007400000043006F0070007900720069006700680074002000A900200031003900390033002D0031003900390037002000530041005000200041004700000000002800000001004C006500670061006C00540072006100640065006D000200000000000000010000004C0000003CFD0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006B002000330000002300

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
ApplicationGoo REG_BINARY 5802000054020000000200006C0734000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100050005000700A807050005000700A8073F000000000000000400040001000000000000000000000000000000CC060000010053007400720069006E006700460069006C00650049006E0066006F00000054030000010030003400300039003000340042003000000018000000010043006F006D006D0065006E007400730000004C001600010043006F006D00700061006E0079004E0061006D006500000000004D006900630072006F0073006F0066007400200043006F00720070006F0072006100740069006F006E000000680020000100460069006C0065004400650073006300720069007000740069006F006E00000000004D006900630072006F0073006F00660074002000450078006300680061006E00670065002000530065007200760065007200200053006500740075007000000036000B000100460069006C006500560065007200730069006F006E000000000035002E0035002E0031003900360030002E003700000000002C000600010049006E007400650072006E0061006C004E0061006D00650000005300650074007500700000009C003C0001004C006500670061006C0043006F007000790072006900670068007400000043006F00700079007200690067006800740020000200000000000000010000004C0000003CFD0600050000000000000065050000020000000300000002000000530065007200760069006300650020005000610063006B002000340000002300

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
ApplicationGoo REG_BINARY 580200005402000000020000440234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100010001000C000000010001000C00000000000000000000000400000001000000000000000000000000000000440000000000560061007200460069006C00650049006E0066006F00000000002400040000005400720061006E0073006C006100740069006F006E00000000000904B004A4010000010053007400720069006E006700460069006C00650049006E0066006F00000080010000010030003400300039003000340042003000000040002000010043006F006D00700061006E0079004E0061006D00650000000000440065004C006F0072006D00650020004D0061007000700069006E0067000000440022000100500072006F0064007500630074004E0061006D006500000000005200650067002000280044004C0069006200620079005C006D0073006600290000000000340014000100460069006C006500560065007200730069006F006E000000000031002E00300031002E0030003000310032000000380014000100500072006F006400750063007400560065007200730069006F006E00000031002E00300031002E003000300031003200000034001200010049006E007400650072006E0061006C004E0061006D00650000004D004E00470052004500470033003200000000000200000000000000010000004C0000003CFD0600040000000000000065050000020000000300000000000100530065007200760069006300650020005000610063006B002000330000002300

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
GlobalFlag REG_SZ 0x00200000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
GlobalFlag REG_SZ 0x00200000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
ApplicationGoo REG_BINARY 140200001002000000020000B40234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100350007000000000035000700000000003F00000000000000040000000100000000000000000000000000000012020000010053007400720069006E006700460069006C00650049006E0066006F000000EE010000010030003400300039003000340062003000000042001100010043006F006D00700061006E0079004E0061006D00650000000000500065006F0070006C00650053006F00660074002C00200049006E0063002E0000000000280000000100460069006C0065004400650073006300720069007000740069006F006E00000000002A0005000100460069006C006500560065007200730069006F006E000000000037002E0035003300000000009C003C0001004C006500670061006C0043006F007000790072006900670068007400000043006F0070007900720069006700680074002000A900200031003900380038002D0031003900390038002000500065006F0070006C00650053006F00660074002C00200049006E0063002E002000200041006C006C00200052006900670068007400730020005200650073006500720076006500640000003C000A0001004F0072006900670069006E0061006C00460069006C0065006E0061006D00650000007000730064006D0074002E001000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
ApplicationGoo REG_BINARY 000700005402000000020000840734000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100050005000700A807050005000700A8073F000000000000000400040001000000000000000000000000000000E4060000010053007400720069006E006700460069006C00650049006E0066006F00000060030000010030003400300039003000340042003000000018000000010043006F006D006D0065006E007400730000004C001600010043006F006D00700061006E0079004E0061006D006500000000004D006900630072006F0073006F0066007400200043006F00720070006F0072006100740069006F006E000000680020000100460069006C0065004400650073006300720069007000740069006F006E00000000004D006900630072006F0073006F00660074002000450078006300680061006E00670065002000530065007200760065007200200053006500740075007000000036000B000100460069006C006500560065007200730069006F006E000000000035002E0035002E0031003900360030002E003700000000002C000600010049006E007400650072006E0061006C004E0061006D00650000005300650074007500700000009E003D0001004C006500670061006C0043006F007000790072006900670068007400000043006F00700079007200690067006800740020000200000000000000010000004C0000003CFD0600050000000000000065050000020000000000000000000000530065007200760069006300650020005000610063006B0020003300000024005402000000020000A40834000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100050005000700A807050005000700A8073F00000000000000040004000100000000000000000000000000000004080000010053007400720069006E006700460069006C00650049006E0066006F000000F0030000010030003400300039003000340042003000000018000000010043006F006D006D0065006E007400730000004C001600010043006F006D00700061006E0079004E0061006D006500000000004D006900630072006F0073006F0066007400200043006F00720070006F0072006100740069006F006E000000680020000100460069006C0065004400650073006300720069007000740069006F006E00000000004D006900630072006F0073006F00660074002000450078006300680061006E00670065002000530065007200760065007200200053006500740075007000000036000B000100460069006C006500560065007200730069006F006E000000000035002E0035002E0031003900360030002E003700000000002C000600010049006E007400650072006E0061006C004E0061006D0065000000530065007400750070000000A600410001004C006500670061006C0043006F007000790072006900670068007400000043006F00700079007200690067006800740020000200000000000000010000004C0000003CFD0600050000000000000065050000020000000000000000000000530065007200760069006300650020005000610063006B0020003300000024005402000000020000180434000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100050005000700A807050005000700A8073F00000000000000040004000100000000000000000000000000000078030000010053007400720069006E006700460069006C00650049006E0066006F00000054030000010030003400300039003000340042003000000018000000010043006F006D006D0065006E007400730000004C001600010043006F006D00700061006E0079004E0061006D006500000000004D006900630072006F0073006F0066007400200043006F00720070006F0072006100740069006F006E000000680020000100460069006C0065004400650073006300720069007000740069006F006E00000000004D006900630072006F0073006F00660074002000450078006300680061006E00670065002000530065007200760065007200200053006500740075007000000036000B000100460069006C006500560065007200730069006F006E000000000035002E0035002E0031003900360030002E003700000000002C000600010049006E007400650072006E0061006C004E0061006D00650000005300650074007500700000009A003B0001004C006500670061006C0043006F007000790072006900670068007400000043006F00700079007200690067006800740020000200000000000000010000004C0000003CFD0600050000000000000065050000020000000000000000000000530065007200760069006300650020005000610063006B002000330000002400

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
ApplicationGoo REG_BINARY 140200001002000000020000040334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001001C0008000000000000000800000000003F00000000000000040000000100000000000000000000000000000064020000010053007400720069006E006700460069006C00650049006E0066006F00000040020000010030003400300039003000340062003000000044001200010043006F006D00700061006E0079004E0061006D0065000000000043006F00720065006C00200043006F00720070006F0072006100740069006F006E0000004E0013000100460069006C0065004400650073006300720069007000740069006F006E000000000043006F00720065006C002000530065007400750070002000570069007A00610072006400000000002C0006000100460069006C006500560065007200730069006F006E000000000038002E00300032003800000046001300010049006E007400650072006E0061006C004E0061006D006500000043006F00720065006C002000530065007400750070002000570069007A00610072006400000000006C00240001004C006500670061006C0043006F007000790072006900670068007400000043006F0070007900720069006700680074002000A900200031003900390037002C00200043006F00720065006C00200043006F00720070006F0072000800000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
ApplicationGoo REG_BINARY 140200001002000000020000380334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE0000010002000A0001000A0002000A0001000A000000000000000000040001000100000000000000000000000000000098020000010053007400720069006E006700460069006C00650049006E0066006F0000007402000001003000340030003900300034004500340000004A001500010043006F006D00700061006E0079004E0061006D00650000000000530079006D0061006E00740065006300200043006F00720070006F0072006100740069006F006E000000000060001C000100460069006C0065004400650073006300720069007000740069006F006E0000000000530079006D0061006E007400650063002000530079006D006500760065006E007400200049006E007300740061006C006C0065007200000034000A000100460069006C006500560065007200730069006F006E0000000000310030002E0032002E00310030002E003100000030000800010049006E007400650072006E0061006C004E0061006D006500000053004500560049004E005300540000007E002D0001004C006500670061006C0043006F007000790072006900670068007400000043006F00700079007200690067006800740020002800430029002000530079006D0061006E00740065006300200043006F0072000100000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
ApplicationGoo REG_BINARY 1402000010020000000200007C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100000001000900260000000100090026003F000000000000000400000001000000000000000000000000000000DC020000010053007400720069006E006700460069006C00650049006E0066006F000000B8020000010030003400300039003000340062003000000066002700010043006F006D006D0065006E0074007300000042007500730069006E00650073007300200049006E00740065006C006C006900670065006E006300650020006F006E0020004500760065007200790020004400650073006B0074006F0070000000000048001400010043006F006D00700061006E0079004E0061006D0065000000000043006F0067006E006F007300200049006E0063006F00720070006F0072006100740065006400000060001C000100460069006C0065004400650073006300720069007000740069006F006E000000000043006F0067006E006F0073002000470065006E006500720069006300200049006E007300740061006C006C006100740069006F006E00000038000C000100460069006C006500560065007200730069006F006E000000000031002C00200030002C002000330038002C0020003900000030000800010049006E007400650072006E0061006C004E0061006D00650000000100000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger REG_SZ ntsd -d
GlobalFlag REG_SZ 0x000010F0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
ApplicationGoo REG_BINARY 140200001002000000020000A40234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100000001000100000000000100010000003F00000000000000010001000100000000000000000000000000000004020000010053007400720069006E006700460069006C00650049006E0066006F000000E0010000010030003400300039003000340045003400000020000000010043006F006D00700061006E0079004E0061006D00650000000000580018000100460069006C0065004400650073006300720069007000740069006F006E000000000049004E005300540041004C004C0020004D004600430020004100700070006C00690063006100740069006F006E000000300008000100460069006C006500560065007200730069006F006E000000000031002E0030002E00300030003100000030000800010049006E007400650072006E0061006C004E0061006D006500000049004E005300540041004C004C0000002400000001004C006500670061006C0043006F00700079007200690067006800740000002800000001004C006500670061006C00540072006100640065006D00610072006B0073000000000040000C0001004F0072006900670069006E0061006C00460069006C0065006E0061006D006500000049004E005300540041004C004C002E004500580045000000300008000800000000000000

checkfile.txt

C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dllcache\explorer.exe

uninstal.txt

Acer eManager for Notebook
Acer ePowerManagement
Acer GridVista
Adobe Reader 7.0
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Deskbar
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Software Update
CA Pest Patrol Realtime Protection
Conexant AC-Link Audio
Digidesign Pro Tools LE 7.0
Digidesign Shared Plug-Ins 7.0
Free Bomb Factory Plug-Ins 7.0
Google Desktop Search
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet 3740
HP Software Update
Intel® Extreme Graphics 2 Driver
InterLok Driver Kit
iTunes
J2SE Runtime Environment 5.0 Update 1
Launch Manager
LimeWire 4.12.11
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Web Components
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
Napster
Napster Burn Engine
NTI Backup NOW! 3
NTI CD & DVD-Maker Gold
PeoplePC Online
PeoplePC: PeoplePal Toolbar 6.2
PowerDVD
Prevx1
Pure Networks Port Magic
QuickTime
RealPlayer
RegCure 1.2.0.4
Safety and Security Center Uninstaller
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
SoftV92 Data Fax Modem with SmartCP
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Viewpoint Media Player
Windows Communication Foundation
Windows Defender
Windows Defender Signatures
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

Back to top

#11 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 07 April 2007 - 05:53 PM

So you cant start explorer with the task manager? Try this:

goto task manager > new task > browse and goto the windows folder, find explorer.exe then right click it and choose copy, right click an empty space and choose paste and it will add a file named 'copy of explorer.exe'. Try to start the copy by browsing to it with the task manager. Let us know if it works.

Back to top

#12 OFFLINE Mrsjrich

Member

Members
15 posts

Posted 07 April 2007 - 09:13 PM

rridgely, on Apr 7 2007, 05:53 PM, said:

So you cant start explorer with the task manager? Try this:

goto task manager > new task > browse and goto the windows folder, find explorer.exe then right click it and choose copy, right click an empty space and choose paste and it will add a file named 'copy of explorer.exe'. Try to start the copy by browsing to it with the task manager. Let us know if it works.

I tried and nothing happened. I still don't have a taskbar, my desktop still does not have icons.

im clueless

Back to top

#13 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 08 April 2007 - 12:51 AM

Open hijackthis and do a system scan. Check off the following entries:

O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups

Next press "fix checked" and exit hijackthis.

Reboot your computer and see if explorer loads up. If it does not follow the below steps:

Download GMER from Here
Unzip it and start GMER.exe. Click the rootkit-tab and click scan.
Once done, click the Copy button. This will copy the results to clipboard.
You can then right click into a notepad file or straight back on here and choose Paste to post the results back.

Copy and paste this into Task Manager > Application > New Task >

cmd /c reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s|FIND.EXE "Explorer.exe">%systemdrive%\CheckShell.txt && notepad %systemdrive%\CheckShell.txt

Post back the result that will open in Notepad

Next copy and paste this command

cmd /c reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s>%systemdrive%\Checkpath.txt && notepad %systemdrive%\Checkpath.txt
Post back the results, then this command

cmd /c dir /s/a-d %systemdrive%\explorer.exe>%systemdrive%\Checkexplorer.txt && notepad %systemdrive%\Checkexplorer.txt

Post back the results from each, they will all create a different named text file on C:\drive so post back C:\CheckShell.txt , C:\Checkexplorer.txt & C:\Checkpath.txt

Finally visit VirusTotal and have this file scanned:

C:\Windows\explorer.exe

Open the scan site and press Browse, locate the file and double click it to load the path into the Virus scan window then press Send, copy and paste the Virus scan results back

Back to top

#14 OFFLINE Mrsjrich

Member

Members
15 posts

Posted 08 April 2007 - 08:01 AM

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-08 00:34:48
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT pxfsf.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT pxfsf.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT pxfsf.sys ZwCreatePort
SSDT pxfsf.sys ZwCreateProcess
SSDT pxfsf.sys ZwCreateProcessEx
SSDT pxfsf.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT pxfsf.sys ZwCreateSymbolicLinkObject
SSDT pxfsf.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT pxfsf.sys ZwDeleteFile
SSDT pxfsf.sys ZwDeleteKey
SSDT pxfsf.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT pxfsf.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT pxfsf.sys ZwLoadDriver
SSDT pxfsf.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT pxfsf.sys ZwMapViewOfSection
SSDT pxfsf.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT pxfsf.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT pxfsf.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT pxfsf.sys ZwReplaceKey
SSDT pxfsf.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT pxfsf.sys ZwResumeThread
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT pxfsf.sys ZwSetContextThread
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT pxfsf.sys ZwSetSystemInformation
SSDT pxfsf.sys ZwSetValueKey
SSDT pxfsf.sys ZwSuspendProcess
SSDT pxfsf.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT pxfsf.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT pxfsf.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + D4 804E2730 24 Bytes [ 79, 98, 3F, F7, 83, 98, 3F, ... ]
.text ntoskrnl.exe!_abnormal_termination + F0 804E274C 16 Bytes [ B5, 98, 3F, F7, BF, 98, 3F, ... ]
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ DD, 98, 3F, F7, E7, 98, 3F, ... ]
.text ntoskrnl.exe!_abnormal_termination + 114 804E2770 24 Bytes [ FB, 98, 3F, F7, 05, 99, 3F, ... ]
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 12 Bytes [ A5, 99, 3F, F7, AF, 99, 3F, ... ]
.text ...

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\SYSTEM32\TASKMGR.EXE[224] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10005C5B C:\PROGRA~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE[424] WS2_32.dll!connect 71AB406A 5 Bytes JMP 01375C5B C:\PROGRA~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRAM FILES\MCAFEE.COM\ANTIVIRUS\OASCLNT.EXE[1708] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00DE5C5B C:\PROGRA~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\system32\rundll32.exe[2672] WS2_32.dll!connect 71AB406A 5 Bytes JMP 009F5C5B C:\PROGRA~1\mcafee.com\vso\McVSSkt.dll
.text C:\Documents and Settings\Tashua\Desktop\gmer.exe[2768] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10005C5B C:\PROGRA~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\system32\rundll32.exe[3036] WS2_32.dll!connect 71AB406A 5 Bytes JMP 009F5C5B C:\PROGRA~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 0123F205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 013CFEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 013CFE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 013CFE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 013CFDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 013CFE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 013CFEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 012615DA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3056] WS2_32.dll!connect 71AB406A 5 Bytes JMP 03135C5B C:\PROGRA~1\mcafee.com\vso\McVSSkt.dll
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[3244] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10005C5B C:\PROGRA~1\mcafee.com\vso\McVSSkt.dll
.text C:\program files\aol\aol toolbar 5.0\AolTbServer.exe[3300] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10005C5B C:\PROGRA~1\mcafee.com\vso\McVSSkt.dll
.text C:\Program Files\Common Files\AOL\1175664859\ee\SSCEvtHdlr.exe[3344] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10005C5B C:\PROGRA~1\mcafee.com\vso\McVSSkt.dll
.text C:\PROGRAM FILES\COMMON FILES\AOL\1175664859\EE\AOLSOFTWARE.EXE[3368] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00925C5B C:\PROGRA~1\mcafee.com\vso\McVSSkt.dll
.text ...

---- Devices - GMER 1.0.12 ----

Device \Driver\SMBHC \Device\SmbHc IRP_MJ_CREATE [F7A5BC98] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_CLOSE [F7A5BC98] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_DEVICE_CONTROL [F7A5B4A4] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A5B3D2] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_POWER [F7A5B386] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_SYSTEM_CONTROL [F7A5B4A4] SMBCLASS.SYS
Device \Driver\SMBHC \Device\SmbHc IRP_MJ_PNP [F7A5BE88] SMBCLASS.SYS

---- EOF - GMER 1.0.12 ----

As i performed the checkshell action. a message popped up saying that access is denied in the winlogon credentials.

C:\checkshell.txt
Shell REG_SZ Explorer.exe

C:\Checkpath.txt
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
FP_NO_HOST_CHECK REG_SZ NO
OS REG_SZ Windows_NT
PROCESSOR_ARCHITECTURE REG_SZ x86
PROCESSOR_LEVEL REG_SZ 6
PROCESSOR_IDENTIFIER REG_SZ x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_REVISION REG_SZ 0d06
NUMBER_OF_PROCESSORS REG_SZ 1
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip

C:\checkexplorer.txt

Volume in drive C is ACER
Volume Serial Number is 320D-180E

Directory of C:\WINDOWS

08/04/2004 05:00 AM 1,032,192 explorer.exe
1 File(s) 1,032,192 bytes

Directory of C:\WINDOWS\system32\dllcache

08/04/2004 05:00 AM 1,032,192 explorer.exe
1 File(s) 1,032,192 bytes

Total Files Listed:
2 File(s) 2,064,384 bytes
0 Dir(s) 38,101,942,272 bytes free

VirusTotal Scan log:

Complete scanning result of "explorer.exe", received in VirusTotal at 04.08.2007, 09:53:17 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 no virus found
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.06.2007 no virus found
AVG 7.5.0.447 04.08.2007 no virus found
BitDefender 7.2 04.08.2007 no virus found
CAT-QuickHeal 9.00 04.06.2007 no virus found
ClamAV devel-20070312 04.08.2007 no virus found
DrWeb 4.33 04.07.2007 no virus found
eSafe 7.0.15.0 04.07.2007 no virus found
eTrust-Vet 30.7.3549 04.06.2007 no virus found
Ewido 4.0 04.07.2007 no virus found
FileAdvisor 1 04.08.2007 No threat detected
Fortinet 2.85.0.0 04.08.2007 no virus found
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.07.2007 no virus found
Ikarus T3.1.1.3 04.08.2007 no virus found
Kaspersky 4.0.2.24 04.08.2007 no virus found
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.08.2007 no virus found
NOD32v2 2173 04.07.2007 no virus found
Norman 5.80.02 04.05.2007 no virus found
Panda 9.0.0.4 04.07.2007 no virus found
Prevx1 V2 04.08.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.08.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.07.2007 no virus found
VirusBuster 4.3.7:9 04.07.2007 no virus found
Webwasher-Gateway 6.0.1 04.08.2007 no virus found

Aditional Information
File size: 1032192 bytes
MD5: a0732187050030ae399b241436565e64
SHA1: 69f33740413da112630be73ebb805a23b69f2f7f
Bit9 info: http://fileadvisor.bit9.com/services/extin...99b241436565e64

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
> Go to: Home Contactar En Español
--------------------------------------------------------------------------------
www.virustotal.com :: ©Hispasec Sistemas 2004-07:: e-mail info@virustotal.com

Back to top

#15 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 08 April 2007 - 03:30 PM

Download this file:
http://djlizard.net/...-v0.60.0.24.zip

Unzip the file and open up dialafix.exe. With the program open I want you too press the green checkmarks and then press go.
Let it run and when its finished reboot your computer. Let us know if explorer starts up.

Back to top

#16 OFFLINE Mrsjrich

Member

Members
15 posts

Posted 09 April 2007 - 06:45 AM

Explorer still did not start, however what i noticed was after i rebooted, open taskmanager and typed in explorer.exe, and hit ok .the taskbar popped in and out. It was almost as if it was trying to load.

here is the log from the dial a fix

Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 2
IE version: 7.0.5730.11
MPC: 76487-OEM
CPU: Intel® Pentium® M processor 1.60GHz (~1600MHz)
BIOS: 6/27/2005
Memory (approx): 1006MB
Uptime: 0 hour(s)
Current directory: C:\Program Files\Dial-a-fix-v0.60.0.24
---

4/8/2007 11:37:44 PM -- Dial-a-fix : [v0.60.0.24] -- started
11:37:44 PM | Policy scan started
11:37:44 PM | Policy scan ended - no restrictive policies were found
11:38:27 PM | Policy scan started
11:38:28 PM | Policy scan ended - no restrictive policies were found
11:38:29 PM | "Hide disabled policies" was toggled - initiating a policy scan:
11:38:29 PM | Policy scan ended - no restrictive policies were found
11:38:30 PM | Policy scan started
11:38:30 PM | Policy scan ended - no restrictive policies were found
11:38:32 PM | "Hide disabled policies" was toggled - initiating a policy scan:
11:38:32 PM | Policy scan ended - no restrictive policies were found
--- Emptying temp folders ---
11:38:38 PM | Deleting C:\Documents and Settings\Jeremiah\Local Settings\Temp...
11:38:39 PM | C:\Documents and Settings\Jeremiah\Local Settings\Temp could not be completely emptied, please reboot and try again
11:38:39 PM | Deleting C:\WINDOWS\temp...
11:38:39 PM | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
11:38:39 PM | Deleting C:\DOCUME~1\Jeremiah\LOCALS~1\Temp...
11:38:39 PM | C:\DOCUME~1\Jeremiah\LOCALS~1\Temp could not be completely emptied, please reboot and try again
--- MSI ---
11:39:10 PM | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
11:39:19 PM | Unregistered: C:\WINDOWS\system32\msxml.dll
11:39:19 PM | Registered: C:\WINDOWS\system32\msxml.dll
11:39:19 PM | Unregistered: C:\WINDOWS\system32\msxml2.dll
11:39:20 PM | Registered: C:\WINDOWS\system32\msxml2.dll
11:39:20 PM | Unregistered: C:\WINDOWS\system32\msxml3.dll
11:39:20 PM | Registered: C:\WINDOWS\system32\msxml3.dll
11:39:21 PM | Unregistered: C:\WINDOWS\system32\msxml4.dll
11:39:21 PM | Registered: C:\WINDOWS\system32\msxml4.dll
11:39:21 PM | Unregistered: C:\WINDOWS\system32\qmgr.dll
11:39:21 PM | Registered: C:\WINDOWS\system32\qmgr.dll
11:39:21 PM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
11:39:21 PM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
11:39:21 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
11:39:21 PM | Registered: C:\WINDOWS\system32\winhttp.dll
11:39:21 PM | Registered: C:\WINDOWS\system32\wuapi.dll
11:39:22 PM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
11:39:22 PM | Registered: C:\WINDOWS\system32\wuaueng.dll
11:39:22 PM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
11:39:22 PM | Registered: C:\WINDOWS\system32\wuaueng1.dll
11:39:22 PM | Unregistered: C:\WINDOWS\system32\wucltui.dll
11:39:22 PM | Registered: C:\WINDOWS\system32\wucltui.dll
11:39:22 PM | Unregistered: C:\WINDOWS\system32\wups.dll
11:39:23 PM | Registered: C:\WINDOWS\system32\wups.dll
11:39:23 PM | Unregistered: C:\WINDOWS\system32\wups2.dll
11:39:23 PM | Registered: C:\WINDOWS\system32\wups2.dll
11:39:23 PM | Unregistered: C:\WINDOWS\system32\wuweb.dll
11:39:23 PM | Registered: C:\WINDOWS\system32\wuweb.dll
11:39:23 PM | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
11:39:33 PM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
11:39:37 PM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
11:39:37 PM | Registered: C:\WINDOWS\system32\cryptdlg.dll
11:39:37 PM | Unregistered: C:\WINDOWS\system32\cryptui.dll
11:39:37 PM | Registered: C:\WINDOWS\system32\cryptui.dll
11:39:38 PM | Unregistered: C:\WINDOWS\system32\cryptext.dll
11:39:38 PM | Registered: C:\WINDOWS\system32\cryptext.dll
11:39:38 PM | Unregistered: C:\WINDOWS\system32\dssenh.dll
11:39:38 PM | Registered: C:\WINDOWS\system32\dssenh.dll
11:39:38 PM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
11:39:38 PM | Registered: C:\WINDOWS\system32\gpkcsp.dll
11:39:39 PM | Unregistered: C:\WINDOWS\system32\initpki.dll
11:41:09 PM | Registered: C:\WINDOWS\system32\initpki.dll
11:41:09 PM | Unregistered: C:\WINDOWS\system32\licdll.dll
11:41:10 PM | Registered: C:\WINDOWS\system32\licdll.dll
11:41:10 PM | Unregistered: C:\WINDOWS\system32\mssign32.dll
11:41:10 PM | Registered: C:\WINDOWS\system32\mssign32.dll
11:41:10 PM | Unregistered: C:\WINDOWS\system32\mssip32.dll
11:41:10 PM | Registered: C:\WINDOWS\system32\mssip32.dll
11:41:10 PM | Unregistered: C:\WINDOWS\system32\scardssp.dll
11:41:10 PM | Registered: C:\WINDOWS\system32\scardssp.dll
11:41:10 PM | Unregistered: C:\WINDOWS\system32\sccbase.dll
11:41:10 PM | Registered: C:\WINDOWS\system32\sccbase.dll
11:41:10 PM | Unregistered: C:\WINDOWS\system32\scecli.dll
11:41:11 PM | Registered: C:\WINDOWS\system32\scecli.dll
11:41:11 PM | Unregistered: C:\WINDOWS\system32\softpub.dll
11:41:11 PM | Registered: C:\WINDOWS\system32\softpub.dll
11:41:11 PM | Unregistered: C:\WINDOWS\system32\slbcsp.dll
11:41:11 PM | Registered: C:\WINDOWS\system32\slbcsp.dll
11:41:11 PM | Unregistered: C:\WINDOWS\system32\regwizc.dll
11:41:11 PM | Registered: C:\WINDOWS\system32\regwizc.dll
11:41:11 PM | Unregistered: C:\WINDOWS\system32\rsaenh.dll
11:41:11 PM | Registered: C:\WINDOWS\system32\rsaenh.dll
11:41:11 PM | Unregistered: C:\WINDOWS\system32\winhttp.dll
11:41:12 PM | Registered: C:\WINDOWS\system32\winhttp.dll
11:41:12 PM | Unregistered: C:\WINDOWS\system32\wintrust.dll
11:41:12 PM | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
11:41:12 PM | Registered: C:\WINDOWS\system32\acelpdec.ax
11:41:13 PM | Registered: C:\WINDOWS\system32\actxprxy.dll
11:41:13 PM | Registered: C:\WINDOWS\system32\asctrls.ocx
11:41:13 PM | Registered: C:\WINDOWS\system32\daxctle.ocx
11:41:13 PM | Registered: C:\WINDOWS\system32\hhctrl.ocx
11:41:13 PM | Registered: C:\WINDOWS\system32\l3codecx.ax
11:41:13 PM | Registered: C:\WINDOWS\system32\licmgr10.dll
11:41:13 PM | Registered: C:\WINDOWS\system32\mpg4ds32.ax
11:41:15 PM | Registered: C:\WINDOWS\system32\msdxm.ocx
11:41:15 PM | Registered: C:\WINDOWS\system32\proctexe.ocx
11:41:15 PM | Registered: C:\WINDOWS\system32\tdc.ocx
11:41:15 PM | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
11:41:18 PM | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
11:41:18 PM | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
11:41:19 PM | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
11:41:19 PM | Registered: C:\WINDOWS\system32\quartz.dll
11:41:19 PM | Registered: C:\WINDOWS\system32\danim.dll
11:41:19 PM | Registered: C:\WINDOWS\system32\dmscript.dll
11:41:20 PM | Registered: C:\WINDOWS\system32\dmstyle.dll
11:41:20 PM | Registered: C:\WINDOWS\system32\dxmasf.dll
11:41:20 PM | Registered: C:\WINDOWS\system32\dxtmsft.dll
11:41:20 PM | Registered: C:\WINDOWS\system32\dxtrans.dll
11:41:20 PM | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
11:41:20 PM | Registered: C:\WINDOWS\system32\atl.dll
11:41:20 PM | Registered: C:\WINDOWS\system32\corpol.dll
11:41:20 PM | Registered: C:\WINDOWS\system32\jscript.dll
11:41:20 PM | Registered: C:\WINDOWS\system32\dispex.dll
11:41:20 PM | Registered: C:\WINDOWS\system32\scrrun.dll
11:41:21 PM | Registered: C:\WINDOWS\system32\scrobj.dll
11:41:21 PM | Registered: C:\WINDOWS\system32\vbscript.dll
11:41:21 PM | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
11:41:21 PM | Registered: C:\WINDOWS\system32\activeds.dll
11:41:21 PM | Registered: C:\WINDOWS\system32\audiodev.dll
11:41:21 PM | Registered: C:\WINDOWS\system32\browsewm.dll
11:41:21 PM | Registered: C:\WINDOWS\system32\cabview.dll
11:41:22 PM | Registered: C:\WINDOWS\system32\cdfview.dll
11:41:22 PM | Registered: C:\WINDOWS\system32\clbcatex.dll
11:41:22 PM | Registered: C:\WINDOWS\system32\clbcatq.dll
11:41:22 PM | Registered: C:\WINDOWS\system32\comcat.dll
11:41:22 PM | Registered: C:\WINDOWS\system32\cscui.dll
11:41:22 PM | Registered: C:\WINDOWS\system32\credui.dll
11:41:22 PM | Registered: C:\WINDOWS\system32\datime.dll
11:41:22 PM | Registered: C:\WINDOWS\system32\devmgr.dll
11:41:22 PM | Registered: C:\WINDOWS\system32\dfsshlex.dll
11:41:22 PM | Registered: C:\WINDOWS\system32\dmdlgs.dll
11:41:22 PM | Registered: C:\WINDOWS\system32\dmdskmgr.dll
11:41:23 PM | Registered: C:\WINDOWS\system32\dmloader.dll
11:41:23 PM | Registered: C:\WINDOWS\system32\dmocx.dll
11:41:23 PM | Registered: C:\WINDOWS\system32\dmview.ocx
11:41:23 PM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
11:41:23 PM | Registered: C:\WINDOWS\system32\dsuiext.dll
11:41:23 PM | DllInstalled: C:\WINDOWS\system32\dsquery.dll
11:41:23 PM | Registered: C:\WINDOWS\system32\dsquery.dll
11:41:23 PM | Registered: C:\WINDOWS\system32\dskquoui.dll
11:41:23 PM | Registered: C:\WINDOWS\system32\els.dll
11:41:24 PM | Registered: C:\WINDOWS\system32\es.dll
11:41:24 PM | Registered: C:\WINDOWS\system32\fontext.dll
11:41:24 PM | Registered: C:\WINDOWS\system32\hlink.dll
11:41:24 PM | Registered: C:\WINDOWS\system32\hnetcfg.dll
11:41:24 PM | Registered: C:\WINDOWS\system32\iedkcs32.dll
11:41:24 PM | Registered: C:\WINDOWS\system32\iepeers.dll
11:41:24 PM | Registered: C:\WINDOWS\system32\ils.dll
11:41:24 PM | Registered: C:\WINDOWS\system32\inetcfg.dll
11:41:25 PM | Registered: C:\WINDOWS\system32\inetcomm.dll
11:41:25 PM | Registered: C:\WINDOWS\system32\laprxy.dll
11:41:25 PM | Registered: C:\WINDOWS\system32\lmrt.dll
11:41:26 PM | Registered: C:\WINDOWS\system32\mlang.dll
11:41:26 PM | Registered: C:\WINDOWS\system32\mmcndmgr.dll
11:41:27 PM | Registered: C:\WINDOWS\system32\mmcshext.dll
11:41:27 PM | Registered: C:\WINDOWS\system32\mscoree.dll
11:41:27 PM | Registered: C:\WINDOWS\system32\mshtmled.dll
11:41:27 PM | Registered: C:\WINDOWS\system32\msoeacct.dll
11:41:27 PM | Registered: C:\WINDOWS\system32\msr2c.dll
11:41:27 PM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
11:41:28 PM | Registered: C:\WINDOWS\system32\mydocs.dll
11:41:28 PM | Registered: C:\WINDOWS\system32\mstime.dll
11:41:28 PM | Registered: C:\WINDOWS\system32\netcfgx.dll
11:41:28 PM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
11:41:28 PM | Registered: C:\WINDOWS\system32\netplwiz.dll
11:41:28 PM | Registered: C:\WINDOWS\system32\netman.dll
11:41:29 PM | Registered: C:\WINDOWS\system32\netshell.dll
11:41:29 PM | Registered: C:\WINDOWS\system32\ntmsevt.dll
11:41:29 PM | Registered: C:\WINDOWS\system32\ntmsmgr.dll
11:41:29 PM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
11:41:29 PM | Registered: C:\WINDOWS\system32\ntmssvc.dll
11:41:29 PM | DllInstalled: C:\WINDOWS\system32\occache.dll
11:41:29 PM | Registered: C:\WINDOWS\system32\occache.dll
11:41:29 PM | Registered: C:\WINDOWS\system32\ole32.dll
11:41:30 PM | Registered: C:\WINDOWS\system32\oleaut32.dll
11:41:30 PM | Registered: C:\WINDOWS\system32\oleacc.dll
11:41:30 PM | Registered: C:\WINDOWS\system32\olepro32.dll
11:41:30 PM | DllInstalled: C:\WINDOWS\system32\photowiz.dll
11:41:30 PM | Registered: C:\WINDOWS\system32\photowiz.dll
11:41:30 PM | Registered: C:\WINDOWS\system32\remotepg.dll
11:41:30 PM | Registered: C:\WINDOWS\system32\rpcrt4.dll
11:41:30 PM | Registered: C:\WINDOWS\system32\rshx32.dll
11:41:30 PM | Registered: C:\WINDOWS\system32\sendmail.dll
11:41:30 PM | Registered: C:\WINDOWS\system32\slayerxp.dll
11:41:30 PM | Registered: C:\WINDOWS\system32\shell32.dll
11:41:35 PM | DllInstalled: C:\WINDOWS\system32\shell32.dll
11:41:35 PM | Registered: C:\WINDOWS\system32\shmedia.dll
11:41:35 PM | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
11:41:36 PM | Registered: C:\WINDOWS\system32\shimgvw.dll
11:41:36 PM | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
11:41:36 PM | Registered: C:\WINDOWS\system32\shsvcs.dll
11:41:36 PM | Registered: C:\WINDOWS\system32\srclient.dll
11:41:36 PM | Unregistered: C:\WINDOWS\system32\stobject.dll
11:41:36 PM | Registered: C:\WINDOWS\system32\stobject.dll
11:41:36 PM | Registered: C:\WINDOWS\system32\twext.dll
11:41:36 PM | DllInstalled: C:\WINDOWS\system32\urlmon.dll
11:41:36 PM | Registered: C:\WINDOWS\system32\urlmon.dll
11:41:36 PM | Registered: C:\WINDOWS\system32\userenv.dll
11:41:36 PM | Registered: C:\WINDOWS\system32\winhttp.dll
11:41:36 PM | DllInstalled: C:\WINDOWS\system32\wininet.dll
11:41:37 PM | Registered: C:\WINDOWS\system32\zipfldr.dll
11:41:37 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
11:41:37 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
11:41:37 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
11:41:37 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
11:41:37 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
11:41:37 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
11:41:38 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
11:41:38 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
11:41:38 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
11:41:38 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
11:41:38 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
11:41:39 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll
11:41:39 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll
11:41:39 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
11:41:39 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
11:41:40 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll
11:41:40 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll
11:41:40 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
11:41:40 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
11:41:40 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
11:41:41 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
11:41:41 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll

Back to top

#17 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 09 April 2007 - 02:23 PM

Ok, I think now would be a good time to start backing up your most valuable data.
What I think we should try is a repair install of windows. This shouldn't harm your data, but its always better to be safe than sorry.

Here is how you do it:
http://www.michaelst...pairinstall.htm

Let me know how it goes.

Back to top

#18 OFFLINE Mrsjrich

Member

Members
15 posts

Posted 09 April 2007 - 05:48 PM

my computer is not allowing me to back up my files. It keeps giving me an error and error reporting starts

Back to top

#19 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 09 April 2007 - 08:26 PM

What method are you using to back them up? (are you trying to burn cds, use portable drive, ect)
Let me know and I'll try to suggest something different that might work.

Like I mentioned above, a repair installation of windows shouldn't mess with your data, but.. you know.

Back to top

#20 OFFLINE Mrsjrich

Member

Members
15 posts

Posted 10 April 2007 - 12:34 AM

I was able to back them p..It took all day. I don't have a window xp disk, however I do know the image is stored on the drive. I tried to do a repair installation however, there was no option for such method. The only option was to do a new install.

how else can i perform a repair instal

Back to top

Next

Back to Spyware Hell