
HELP! Computer doesn't log on [CLOSED]



#1
SeniorChief

As of right now my computer is broken. Whenever I attempt to turn it on it says this:


STOP: C0000218 {Registry File Failure}
The registry cannot load the hive file
\systemRoot\system32\config\software

Then it starts to dump the physical memory

This also happens when I try to log in as any of the safe modes


thanks to anyone that helps

-seniorchief

Edited by SeniorChief, 28 May 2008 - 04:16 PM.

  • 0



#2
SeniorChief

I know that you are supposed to give a new topic some time on the boards but this has turned into an emergency.
  • 0

#3
RatHat

Hi again!

What happened to do this? Any idea?

OK, we are going to need your original Windows installation disk.
  • Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
    Note: Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.
  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
    Note: If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.
  • When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER.
    Note: The default is for the password to be blank
  • At the Recovery Console command prompt, type the following then press Enter after each line:
    Note: Be careful to make sure you type each line correctly

cd \windows\system32\config
ren software software.bad
copy \windows\repair\software
exit

Your system should now restart. Let me know if you can boot back into windows, and what you think caused this to happen.

Regards,
RatHat
  • 0

#4
SeniorChief

Well, after coming home yesterday to an angry wife, I found that my son, being the curious one he is "had nothing to do with it". Let me mind you that he was the start of the last problem. So, after finding there was a problem I went to investigate the problem. I found that whenever I tried to log in to any of the safe modes or normal modes it would just keep displaying that horrible failure message. So.....I currently do not know what caused this to happen.


So what I'm trying to get at is, both my disk drives are broken, so they do not open or run disks.

BUT, I still have recovery mode installed.

(I might have to buy new disk drives though)
  • 0

#5
RatHat

Can you boot Windows after running the above fix via the recovery console?
  • 0

#6
SeniorChief

Ok, good, it logs on, but something doesn't seem right. It looks like I have an older version of XP now.
  • 0

#7
RatHat

That is probably because we have restored the original software hive from the registry.

Can you download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad files: main.txt and extra.txt
  • Use Save As to save both Notepad files to your Desktop and post them in your next reply.
Note: A copy of these files can be found in your root drive, usually C:\Deckard\System Scanner\

And could you let me know anything else about how this may have come about.
  • 0

#8
SeniorChief

Well, like I said before, my wife was angry because she had come to use the computer and it was frozen on the screen with the registry failure message. Then she told me that our son had been on the computer the night before. Though my son says that he didn't do anything, I think he is the reason because lately he has been downloading quite a lot of music off a program called "Frost wire."

The reason why I know so little about these problems that happen is because this is my home computer which I don't use because I have my own work computer.

Deckard's System Scanner v20071014.68
Run by Edward on 2008-05-31 13:05:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-31 13:06:52
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\PSIService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TuneUp Utilities 2008\OneClick.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\WINDOWS\SYSTEM32\TuneUpDefragService.exe
C:\Documents and Settings\Edward\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O1 - Hosts: 127.0.0.2 http://www.webkinz.com/us_en/
O1 - Hosts: 127.0.0.2 webkinz
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\SYSTEM32\NMSSvc.Exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\SYSTEM32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\SYSTEM32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPcservice.exe


--
End of file - 6089 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL %1,%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

0 adwarealert - system32\drivers\adwarealert.sys (file missing)
3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
3 ATWPKT2 - c:\program files\america online 8.0\atwpkt2.sys (file missing)
3 catchme - c:\docume~1\edward\locals~1\temp\catchme.sys (file missing)
3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - system32\drivers\el90xbc5.sys (file missing)
3 hkaqyeb.sys - c:\windows\system32\hkaqyeb.sys (file missing)
3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys
3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys
3 iAimTV2 - system32\drivers\watv03nt.sys (file missing)
3 IFPUSB (iRiver Internet Audio Player IFP-100) - c:\windows\system32\drivers\ifpusb.sys <Not Verified; iRiver, Inc.; IFP-100>
3 ip6fw (IPv6 Windows Firewall Driver) - system32\drivers\ip6fw.sys (file missing)
2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>
1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
1 redbookk - system32\drivers\redbookk.sys (file missing)
3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
3 wanatw (WAN Miniport (ATW)) - system32\drivers\wanatw4.sys (file missing)
3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 Apple Mobile Device - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
2 Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
3 DSBrokerService - c:\program files\dellsupport\brkrsvc.exe
3 FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
3 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
2 NWCWorkstation (Client Service for NetWare) - c:\windows\system32\svchost.exe
2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - c:\program files\winpcap\rpcapd.exe
3 TuneUp.Defrag (TuneUp Drive Defrag Service) - c:\windows\system32\tuneupdefragservice.exe
2 UxTuneUp (TuneUp Theme Extension) - c:\windows\system32\svchost.exe
2 Viewpoint Manager Service - c:\program files\viewpoint\common\viewpointservice.exe
3 YPCService - c:\windows\system32\ypcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-31 13:00:00 340 --a------ C:\WINDOWS\Tasks\PCHealth Scheduler for Upload Library.job
2008-05-31 13:00:00 488 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-05-31 02:24:01 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-23 16:16:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-06 21:34:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-06 21:34:25 0 d-------- C:\Program Files\Viewpoint
2008-05-06 21:34:14 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-06 21:33:44 0 d-------- C:\Program Files\AIM6


-- Find3M Report ---------------------------------------------------------------

2008-05-31 13:02:43 0 d-------- C:\Program Files\FrostWire
2008-05-30 16:29:34 14203 --a------ C:\WINDOWS\mozver.dat
2008-05-20 20:56:00 0 d-------- C:\Program Files\PeerGuardian2
2008-05-17 14:55:04 0 d-------- C:\Program Files\Cain
2008-04-28 22:00:15 0 d-------- C:\Documents and Settings\Edward\Application Data\FrostWire
2008-04-16 09:44:43 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-13 22:32:57 0 d-------- C:\Program Files\CamStudio
2008-04-13 00:16:32 0 d-------- C:\Documents and Settings\Edward\Application Data\Thinstall
2008-04-12 21:40:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-12 21:39:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 21:35:15 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-12 17:53:31 0 d-------- C:\Program Files\PowerISO
2008-04-11 18:26:20 0 d-------- C:\Program Files\Elaborate Bytes
2008-04-04 21:28:44 22016 --a------ C:\WINDOWS\system32\mssrv32.exe
2008-04-04 21:21:46 0 d-------- C:\Program Files\WinPcap
2008-04-04 13:54:47 0 d-------- C:\Program Files\Ashkon Software
2008-04-04 13:14:52 0 d-------- C:\Program Files\SpywareBlaster
2008-03-22 23:51:42 74104 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-21 23:02:37 25 --a------ C:\WINDOWS\system32\'
2008-03-20 22:12:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-11 23:03:21 164 --a------ C:\install.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [02/09/2008 11:31 PM]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" []
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" []
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" []
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [02/19/2008 10:30 PM]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [05/27/2004 09:05 PM]
"DSS"="C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/28/2008 09:28 PM]
"SchedulingAgent"="mstinit.exe" [08/04/2004 03:56 AM C:\WINDOWS\SYSTEM32\mstinit.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 04:21 PM]

C:\Documents and Settings\Edward\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 3:36:04 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 9:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [12/11/2002 2:48:23 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/24/2002 4:40:29 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50292d6e-7815-11db-8d54-0007e9bbeae2}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50292d6f-7815-11db-8d54-0007e9bbeae2}]
AutoRun\command- H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8bc06e0-c3bd-11db-8d74-0007e9bbeae2}]
AutoRun\command- F:\LaunchU3.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 webkinz.com
127.0.0.1 http://www.webkinz.com/us_en/
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

7905 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-31 13:13:06 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 61%
Physical Memory (total/avail): 510.98 MiB / 194.93 MiB
Pagefile Memory (total/avail): 1249.95 MiB / 886.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.37 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.73 GiB total, 18.63 GiB free.
G: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
AUState says computer is ready and waiting.
Windows Internal Firewall is enabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Edward\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DCFTN321
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Edward
LOGONSERVER=\\DCFTN321
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Sonic Shared\Ligos\GoMotion;C:\Program Files\Common Files\Sonic Shared\Ligos\Decoders;C:\Program Files\Common Files\Sonic Shared\MainConcept;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Edward\LOCALS~1\Temp
TMP=C:\DOCUME~1\Edward\LOCALS~1\Temp
USERDOMAIN=DCFTN321
USERNAME=Edward
USERPROFILE=C:\Documents and Settings\Edward
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Edward (admin)
L (admin)
A (admin)
A (admin)
M (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}\setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}\Setup.exe" -l0x9 -L0x9anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
America Online --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20020605.1) --> C:\WINDOWS\AolCInUn.exe
Arthur's Computer Adventure --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\LIVING~1\DeIsL1.isu"
Arthur's Teacher Trouble --> C:\WINDOWS\uninst.exe -f"c:\games\Arthur\Teacher Trouble\DeIsL1.isu"
Classic PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Conexant HSF V92 56K RTAD Speakerphone PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HXFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0
Dell Modem-On-Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Electronic Arts Game Updater --> C:\WINDOWS\IsUninst.exe -f"c:\Program Files\EACom\Update\Uninst.isu"
Franklin The Turtle School --> C:\WINDOWS\UninstFrankSchool.exe
Green Eggs and Ham --> C:\WINDOWS\uninst.exe -f"c:\games\Green Eggs & Ham\DeIsL1.isu"
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
Intel® PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
LEGO Alpha Team --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5C8DE40-1AB7-11D4-854E-00A0C99F6AF9}\setup.exe"
Little Bear Rainy Day Activities --> C:\WINDOWS\IsUninst.exe -f"c:\games\little bear\rainy day\Uninst.isu"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Encarta 97 Encyclopedia --> C:\WINDOWS\unenc97.exe
Microsoft Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Money 2002 --> MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Money 2002 System Pack --> MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\setup.exe" -l0x9 -L0x9 /SMAINT
Need For Speed - Porsche Unleashed --> C:\WINDOWS\IsUninst.exe -fC:\Games\ELECTR~1\NEEDFO~1\uninst.log
Norton AntiVirus 2002 --> MsiExec.exe /I{3075C5C3-0807-4924-AF8F-FF27052C12AE}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Pearl Harbor : Zero Hour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9688BE6-D55F-4B62-9422-99AC56572C0F}\setup.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Reader Rabbit 1st Grade® Capers on Cloud Nine!™ --> C:\Program Files\The Learning Company\Reader Rabbit 1st Grade\uninstall.exe
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
Worms2 --> C:\WINDOWS\IsUninst.exe -fc:\games\Worms\Uninst.isu


-- Application Event Log -------------------------------------------------------

Event Record #/Type9741 / Error
Event Submitted/Written: 05/30/2008 04:19:03 PM
Event ID/Source: 28 / WinMgmt
Event Description:
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Event Record #/Type9737 / Warning
Event Submitted/Written: 05/28/2008 03:16:30 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type9735 / Error
Event Submitted/Written: 05/28/2008 02:03:18 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type9734 / Warning
Event Submitted/Written: 05/20/2008 08:20:19 PM
Event ID/Source: 1016 / MsiInstaller
Event Description:
Detection of product '{90300409-6000-11D3-8CFE-0050048383C9}', feature 'Clips', component '{6E632AFF-3BAE-435B-823C-EE1EA099A026}' failed. The resource '\FILES\PFILES\MSOFFICE\MEDIA\CNTCD1\ANIMATED\ANIMATED.DLL' in a run-from-source component could not be located because no valid and accessible source could be found.

Event Record #/Type9733 / Warning
Event Submitted/Written: 05/20/2008 08:20:17 PM
Event ID/Source: 1016 / MsiInstaller
Event Description:
Detection of product '{90300409-6000-11D3-8CFE-0050048383C9}', feature 'Clips', component '{6E632AFF-3BAE-435B-823C-EE1EA099A026}' failed. The resource '\FILES\PFILES\MSOFFICE\MEDIA\CNTCD1\ANIMATED\ANIMATED.DLL' in a run-from-source component could not be located because no valid and accessible source could be found.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4715 / Error
Event Submitted/Written: 05/31/2008 01:13:05 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type4714 / Error
Event Submitted/Written: 05/31/2008 01:13:03 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type4713 / Error
Event Submitted/Written: 05/31/2008 01:13:00 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type4712 / Error
Event Submitted/Written: 05/31/2008 01:12:57 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type4711 / Error
Event Submitted/Written: 05/31/2008 01:12:55 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-05-31 13:13:06 ------------
  • 0
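An added example, not part of any post in this thread and not Deckard's own code: a small Python parser for the DSS log format posted above. It lists driver entries marked `(file missing)` or `<Not Verified; ...>` and counts Disk event ID 7 bad-block errors per device. The sample input is constructed from a few lines of that log, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in the shape of the DSS log above.
SAMPLE_LOG = r"""
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

0 adwarealert - system32\drivers\adwarealert.sys (file missing)
3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
3 hkaqyeb.sys - c:\windows\system32\hkaqyeb.sys (file missing)
2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys

-- System Event Log ------------------------------------------------------------

Event Record #/Type4715 / Error
Event Submitted/Written: 05/31/2008 01:13:05 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type4714 / Error
Event Submitted/Written: 05/31/2008 01:13:03 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

-- End of Deckard's System Scanner: finished at 2008-05-31 13:13:06 ------------
"""

HEADER = re.compile(r"^-- (.+?) -+$")        # "-- Section name -----"
DRIVER = re.compile(r"^(\d) (.+?) - (.+)$")  # "<start type> <name> - <path and flags>"
BAD_BLOCK = re.compile(r"The device, (\S+), has a bad block\.")
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}


def split_sections(text):
    """Group log lines under their '-- Name ---' header (text before ':' is the key)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HEADER.match(line)
        if m:
            current = m.group(1).split(":")[0]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def driver_findings(lines):
    """Return driver entries whose file is missing or whose signature is not verified."""
    out = []
    for line in lines:
        m = DRIVER.match(line)
        if not m:
            continue
        start, name, rest = m.groups()
        missing = rest.endswith("(file missing)")
        unverified = "<Not Verified;" in rest
        if missing or unverified:
            out.append({"name": name, "start": START_TYPES.get(int(start), "?"),
                        "missing": missing, "unverified": unverified})
    return out


def missing_at_boot(findings):
    """Names of Boot/System-start drivers whose file is missing."""
    return [f["name"] for f in findings
            if f["missing"] and f["start"] in ("Boot", "System")]


def parse_events(lines):
    """Parse 'Event Record' blocks into dicts; description lines are concatenated."""
    events, cur = [], None
    for line in lines:
        if line.startswith("Event Record #/Type"):
            rec, _, kind = line[len("Event Record #/Type"):].partition(" / ")
            cur = {"record": int(rec), "type": kind, "description": ""}
            events.append(cur)
        elif cur is None:
            continue
        elif line.startswith("Event ID/Source:"):
            eid, _, src = line.split(":", 1)[1].strip().partition(" / ")
            cur["id"], cur["source"] = int(eid), src
        elif line.startswith("Event Submitted/Written:"):
            cur["written"] = line.split(":", 1)[1].strip()
        elif line and line != "Event Description:":
            cur["description"] += line
    return events


def bad_block_counts(events):
    """Count Disk event ID 7 ('has a bad block') records per device path."""
    counts = Counter()
    for e in events:
        if e.get("source") == "Disk" and e.get("id") == 7:
            m = BAD_BLOCK.search(e["description"])
            if m:
                counts[m.group(1)] += 1
    return counts


def triage(text):
    s = split_sections(text)
    events = parse_events(s.get("System Event Log", []))
    return {"drivers": driver_findings(s.get("Drivers", [])),
            "bad_blocks": dict(bad_block_counts(events))}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
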

#9
RatHat

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the box that says Include MD5
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Check the Radio button under Drivers for Non Microsoft
  • Check the radio button under Rootkit Search for Yes
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

If the log is too large to post, please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#10
SeniorChief

SeniorChief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Well, I got the task finished and ready for review: OTScanIt Log (sorry, but the file was too big to be uploaded as an attachment)


Quick question: I have noticed that nearly half of the applications on this computer no longer work, do you know why this is and if we will be able to get them back?

Thanks!
-SeniorChief
  • 0


#11
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
I don't know why yet, it sounds like you have quite a serious problem though. Could you zip the OTScanIt log and then attach it for me.

Regards,
RatHat
  • 0

#12
SeniorChief

SeniorChief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Sorry about that Mark

Attached File  OTScanIt.zip   93.7KB   165 downloads
  • 0

#13
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK Edward,

Start OTScanIt.exe. Copy/paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Processes - Non-Microsoft Only]
NY -> psiservice.exe -> %SystemRoot%\SYSTEM32\PSIService.exe
YY -> viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe
[Win32 Services - Non-Microsoft Only]
YY -> (ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\PSIService.exe
YY -> (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe
[Driver Services - Non-Microsoft Only]
YY -> (adwarealert) adwarealert [File_System | Boot | Stopped] -> %SystemRoot%\system32\DRIVERS\adwarealert.sys
YY -> (hkaqyeb.sys) hkaqyeb.sys [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\hkaqyeb.sys
YY -> (redbookk) redbookk [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\redbookk.sys
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> DSS -> %SystemRoot%\BBSTORE\DSS\DSSAGENT.EXE [C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE]
YN -> MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe]
YN -> MoneyStartUp10.0 -> %ProgramFiles%\Microsoft Money\System\Activation.exe ["C:\Program Files\Microsoft Money\System\Activation.exe"]
YN -> NAV Agent -> %SystemDrive%\PROGRA~1\NORTON~1\navapw32.exe [C:\PROGRA~1\NORTON~1\navapw32.exe]
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3262582141-619540180-3980966549-1005] > -> HKEY_USERS\S-1-5-21-3262582141-619540180-3980966549-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_USERS\S-1-5-21-3262582141-619540180-3980966549-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> 
< HOSTS File > (224814 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
YN -> 127.0.0.2	http://www.webkinz.com/us_en/ -> 
YN -> 127.0.0.2	webkinz -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3262582141-619540180-3980966549-1005\] > -> 
YN -> HKEY_USERS\S-1-5-21-3262582141-619540180-3980966549-1005\: URLSearchHooks\\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> HKEY_USERS\S-1-5-21-3262582141-619540180-3980966549-1005\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3262582141-619540180-3980966549-1005\] > -> HKEY_USERS\S-1-5-21-3262582141-619540180-3980966549-1005\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {c95fe080-8f5d-11d2-a20b-00aa003c157a}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@shdoclc.dll,-866]
YN -> {E023F504-0C5A-4750-A1E7-A9046DEA8A21}:{301DA1EE-F65C-4188-A417-9E915CC8FBFA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft Money\System\mnyviewer.dll [MoneySide]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{0483894E-2422-45E0-8384-021AFF1AF3CD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] -> [@shdoclc.dll,-866]
YN -> CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft Money\System\mnyviewer.dll [MoneySide]
YN -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
< Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
YN -> shell -> shell protocol not assigned
[Files/Folders - Created Within 90 days]
NY -> 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 90 days]
NY -> ' -> %SystemRoot%\System32\'
NY -> 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> comz7 -> %SystemRoot%\System32\comz7
[Extra Files]
Purity
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save Report As Text button:
  • Under Save as type, choose Text file (*.txt)
  • Save the file to your desktop as Kaspersky.txt
  • Copy and paste that information in your next post.


So in your next reply, please include the log from OTScanIt, the MBAM log and the Kaspersky log.

Regards,
  • 0

#14
SeniorChief

SeniorChief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Well, the tasks at hand are being completed, but my wife needs to use the printer and it will not print. It keeps coming back with error messages. Do you happen to know how I could fix this?

Also, my Internet Explorer isn't letting me configure my settings to allow ActiveX.
It seems as if I need to reinstall internet explorer because it was corrupted during the time when I couldn't log in.
So as of right now, everything is complete except the Kaspersky WebScanner

Last thing: Every time I click on My Computer, Control Panel or Internet Explorer this message pops up:
Posted Image

Edited by SeniorChief, 02 June 2008 - 05:12 PM.

  • 0

#15
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Edward,

This will be due to the replacement of the Software Registry Hive with a backed up version. You will need to re-install the printer, to redo the registry entries.

Regards,
RatHat
  • 0





