XP Logoff Loop - Login only available in Safe Mode [CLOSED]
Oct 21 2008, 08:30 PM
Post #1
Member | Posts: 17 | OS: XP Professional SP 3
My first log on 10/19/08 (attached) actually found Malware. My latest logs and scans (10/21 attached) have found nothing, but I still am not able to logon to Windows unless I use Safe Mode.

Malwarebytes' Anti-Malware 1.29
Database version: 1290
Windows 5.1.2600 Service Pack 3
10/19/2008 2:16:13 PM
mbam-log-2008-10-19 (14-16-13).txt
Scan type: Full Scan (C:\|)
Objects scanned: 126740
Time elapsed: 43 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{70f17c8c-1744-41b6-9d07-575db448dcc5} (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

10/21/08

Malwarebytes' Anti-Malware 1.29
Database version: 1298
Windows 5.1.2600 Service Pack 3
10/21/2008 9:03:37 PM
mbam-log-2008-10-21 (21-03-37).txt
Scan type: Quick Scan
Objects scanned: 39318
Time elapsed: 6 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Oct 26 2008, 08:29 AM
Post #2
Trusted Helper | Posts: 811 | From: Sweden | OS: Windows XP SP3
Hello Brass07 !
Welcome to the site! Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
Please read my posts completely before following the instructions. It may be easier for you if you copy and paste a post to a new text document or print it for reference later. This is required when you won't have access to Internet.

Oct 26 2008, 09:52 AM
Post #3
Member | Posts: 17 | OS: XP Professional SP 3
Great to know help is out there. Sorry about the Wordwrap thing. I'll try to remember to always ensure it's unchecked. Thanks for your assistance!

Oct 27 2008, 07:11 AM
Post #4
Trusted Helper | Posts: 811 | From: Sweden | OS: Windows XP SP3
Hello Brass07!
I've reviewed your logs. Let's start then.

Step 1. Smitfraudfix:

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri) to your Desktop. (Do this from SafeMode with network support)

Next, please reboot your computer in Safe Mode by doing the following:

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

Step 2. Things I want to see in your reply

Oct 27 2008, 08:05 PM
Post #5
Member | Posts: 17 | OS: XP Professional SP 3
1. Rapport file txt

SmitFraudFix v2.367
Scan done at 20:24:21.17, Mon 10/27/2008
Run from C:\Documents and Settings\Marc\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"
[HKEY_CLASSES_ROOT\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}\InProcServer32]
@="C:\WINDOWS\system32\ioctrl.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}\InProcServer32]
@="C:\WINDOWS\system32\ioctrl.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 www.proxy.cs.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{43A6F4D7-AF3D-4C7C-9511-14AE5C3A7C2F}: DhcpNameServer=24.93.41.127 24.93.41.128
HKLM\SYSTEM\CS2\Services\Tcpip\..\{43A6F4D7-AF3D-4C7C-9511-14AE5C3A7C2F}: DhcpNameServer=24.93.41.127 24.93.41.128
HKLM\SYSTEM\CS3\Services\Tcpip\..\{43A6F4D7-AF3D-4C7C-9511-14AE5C3A7C2F}: DhcpNameServer=24.93.41.127 24.93.41.128
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.127 24.93.41.128
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.127 24.93.41.128
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.127 24.93.41.128

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

2.
a. I allowed the pc to boot in Normal mode.
b. During the boot sequence, the PC froze.
c. I held the power button to power down the PC.
d. Allowed normal boot and selected my user account.
e. My desktop loaded, then before the load could complete, the PC started shutdown.
f. As the PC was shutting down, it reported completing 9 updates, then shut down.
g. Booted in Normal mode, my desktop loaded, then before it could complete, the PC shut down again.

Thanks again for your help here.....

Oct 27 2008, 08:09 PM
Post #6
Member | Posts: 17 | OS: XP Professional SP 3
Heir,
Just to be clear....I am still only able to boot the PC in safe mode.

Oct 28 2008, 10:01 AM
Post #7
Trusted Helper | Posts: 811 | From: Sweden | OS: Windows XP SP3
Hello again Brass07!
What was done on the computer just prior to the fact that you couldn't get into normal mode?

In safemode with network support the normal protection measures aren't in place. I recommend you to use another computer for downloading tools and posting here. Transfer the information between the computers with some sort of removable media, like a memory-stick.

We need to take a deeper look into your computer with a scan.

Step 1. Scan with OTViewIt:

Download OTViewIt to your desktop.

Step 2. Things I want to see in your reply

Oct 28 2008, 02:51 PM
Post #8
Member | Posts: 17 | OS: XP Professional SP 3
Hello Heir!
Will take your advice for using another PC to connect to the web and transferring files via thumbnail. I have been connecting to the web via Safe Mode with Networking to pick up files and post here. I'll follow your steps tonight at home and respond tomorrow. Thanks for your patience.

Oct 29 2008, 06:47 AM
Post #9
Member | Posts: 17 | OS: XP Professional SP 3
Hello again heir,

Just prior to attempting to log in using Normal Mode; (Sorry if this is more than you wanted)

1. I used my PC in Safe Mode with Networking to read your post and load executables.
2. Logged out and Logged in Using Safe Mode (not with Networking) and I shut down my modem.
3. Ran Smitfraud exe by following the steps in your post.
4. Smitfraud completed its process.
5. I closed Notepad, as that was the only open window.
6. When I closed Notepad, my PC restarted.
7. The restart sequence began, but stalled before Windows loaded enough to display the blue screen that says Windows loading.
8. I held down the power button to power down the PC.
9. Powered it back up and allowed the PC to start up in Normal Mode.
10. I chose my typical user account, entered my password and the PC displayed my desktop (minus my normal wallpaper)
11. As it was going through startup for all the programs in my system tray, I see an error that Symantec Antivirus failed to start because the PC is shutting down. (Which is what has been occurring since this all started).
12. As the PC was shutting down, I saw a message that said Loading Updates 1 of 9....then 2 of 9 and so on......
13. I started the PC again in Safe Mode with Networking and completed my post to you.
OTViewIt.txt
-- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2001/02/13 02:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE [2002/08/22 16:17:10 | 00,217,088 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe [2001/11/27 09:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE [2005/10/20 12:04:08 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Marc\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 09:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation) ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) 
{6224f700-cba3-4071-b251-47cb894244cd}: Button: ICQ -- %ProgramFiles%\ICQ\Icq.exe [2002/02/07 01:20:28 | 01,995,333 | ---- | M] ()
{6224f700-cba3-4071-b251-47cb894244cd}: Menu: ICQ -- %ProgramFiles%\ICQ\Icq.exe [2002/02/07 01:20:28 | 01,995,333 | ---- | M] ()
{E023F504-0C5A-4750-A1E7-A9046DEA8A21}: Button: MoneySide -- %ProgramFiles%\Microsoft Money\System\mnyviewer.dll File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKLM] -> %ProgramFiles%\ICQ\Icq.exe [ICQ] -> [2002/02/07 01:20:28 | 01,995,333 | ---- | M] ()
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKLM] -> %ProgramFiles%\Microsoft Money\System\mnyviewer.dll [MoneySide] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/08/01 20:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\update: https in My Computer
microsoft.com\windowsupdate: https in My Computer
turbotax.com: https in Trusted sites
windowsupdate.com\download: https in My Computer
2 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/0/5...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{33564D57-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photo.walgreens.com/WalgreensActivia.cab -- Snapfish Activia
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1132500276321 -- MUWebControl Class
{88D969C0-F192-11D4-A65F-0040963251E5}: http://65.64.212.99/webview/msxml/msxml4.cab -- XML DOM Document 4.0
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{9600F64D-755F-11D4-A47F-0001023E6D5A}: http://web1.shutterfly.com/downloads/Uploader.cab -- Shutterfly Picture Upload Plugin
{9F1C11AA-197B-4942-BA54-47A8489BB47F}: http://v4.windowsupdate.microsoft.com/CAB/...7713.7857986111 -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{43A6F4D7-AF3D-4C7C-9511-14AE5C3A7C2F} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{4575B9EA-FC4D-4E7F-B7D5-2E4E1F4F4285} (Servers: | Description: ADMtek ADM8513 USB To Fast Ethernet Adapter)
{BEE34350-FAE0-4816-9374-5D638F7A2714} (Servers: | Description: )
========== (O19) User Style Sheets ==========