C:\<path> is not a valid win32 application. [CLOSED]



#1
LSUTigersTJ2007 (Member, 15 posts)
I saw this thread already resolved, but I can't seem to get it off that. At this point, my brother in law has tried to do it and I believe messed something up further as far as file extensions. At first I would get "C:\<path> is not a valid win32 application." when trying to open applications, now I just get nothing. I've tried looking at the self-help stuff, but since I can get any files to open it makes it hard to self-help seeing as it's currently 3:03am :)
Any help would be greatly appreciated.

Only thing I was able to get out of the other post was a Silent Runners log because it's not .exe
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"Vidalia" = ""C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"" [file not found]
"P2kAutostart" = "(empty string)" [file not found]
"BitComet" = ""C:\Program Files\BitComet\BitComet.exe" /tray" [file not found]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
										\StubPath   = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"
									   \StubPath   = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]
{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"
									   \StubPath   = "rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{32341E7E-C319-46DE-91D0-E30BB1A3CABA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\khFxvSij.dll" [null data]
{9EAEFD87-9877-4522-8B72-350974735E7B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\aWOhgDwv.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
  -> {HKLM...CLSID} = "KodakShellExtension"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "My Sharing Folders"
				   \InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
  -> {HKLM...CLSID} = "Yahoo! Mail Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{32341E7E-C319-46DE-91D0-E30BB1A3CABA}" = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\khFxvSij.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\aWOhgDwv"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> khFxvSij\DLLName = "khFxvSij.dll" [null data]
<<!>> __c00C4931\DLLName = "C:\WINDOWS\system32\__c00C4931.dat" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
  -> {HKLM...CLSID} = "Yahoo! Mail Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" [file not found]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.exe\(Default) = "jarfile"
<<!>> HKLM\SOFTWARE\Classes\jarfile\shell\open\command\(Default) = "C:\WINDOWS\system32\rundll32.exe "%1"" [MS]
<<!>> HKLM\SOFTWARE\Classes\jarfile\shell\open\ddeexec\(Default) = (null value)
<<!>> HKLM\SOFTWARE\Classes\jarfile\shell\open\ddeexec\Application\(Default) = "javaw"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}

"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Desktop\desktop.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\TJ.DADDYSTOY\Desktop\desktop.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

Corel Photo Album 6HandleCDBurningOnArrival\
"Provider" = "Corel Photo Album 6"
"InvokeProgID" = "CorelPhotoAlbumFolder"
"InvokeVerb" = "BurnCD"
HKLM\SOFTWARE\Classes\CorelPhotoAlbumFolder\shell\BurnCD\command\(Default) = "C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE -burncdlaunch" ["Corel, Inc."]

Corel Photo Album 6ShowPicturesOnArrivalHandler\
"Provider" = "Corel Photo Album 6"
"InvokeProgID" = "CorelPhotoAlbumFolder"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CorelPhotoAlbumFolder\shell\open\command\(Default) = "C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1"" ["Corel, Inc."]

DMXPlayDVD\
"Provider" = "Dell CinePlayer"
"InvokeProgID" = "DMX.PLAYDVD"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\DMX.PLAYDVD\shell\Play\Command\(Default) = "C:\Program Files\Dell\Media Experience\DMX.exe DVD "Play %1"" [null data]

EHomeMusicDropTarget\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeMusicDropTarget"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeMusicDropTarget\shell\play\DropTarget\CLSID = "{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}"
  -> {HKLM...CLSID} = "EHomeMusicDropTarget Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomePhotosHandler\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomePhotosHandler"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomePhotosHandler\shell\play\DropTarget\CLSID = "{4b7601c1-d292-4902-89f4-583a5ce0c535}"
  -> {HKLM...CLSID} = "EHomePhotosHandler Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideoDropTarget\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeVideoDropTarget"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideoDropTarget\shell\play\DropTarget\CLSID = "{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}"
  -> {HKLM...CLSID} = "EHomeVideoDropTarget Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideosHandler\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeVideosHandler"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideosHandler\shell\play\DropTarget\CLSID = "{4f61ec50-acef-4ae7-b4c6-b19bddc0f745}"
  -> {HKLM...CLSID} = "EHomeVideosHandler Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
				   \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

Paint Shop Pro XShowPicturesOnArrivalHandler\
"Provider" = "Corel Paint Shop Pro X"
"InvokeProgID" = "PaintShopProX.Image"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\PaintShopProX.Image\shell\open\command\(Default) = ""C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe" /dde" ["Corel, Inc."]

PTSOnArrivalHandler\
"Provider" = "Kodak EasyShare software"
"InvokeProgID" = "Ptswia.WiaEvents.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1\shell\open\DropTarget\CLSID = "{66A41C80-C64A-45A9-8BC9-0D58DE47C007}"
  -> {HKLM...CLSID} = "WiaEvents Class"
				   \LocalServer32\(Default) = "C:\PROGRA~1\Kodak\KODAKE~1\bin\ptswia.exe" [empty string]

SonicSCAudioCDTask\
"Provider" = "Roxio RecordNow Audio"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "AudioCDTask"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\AudioCDTask\Command\(Default) = ""C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {EBD22732-1CC3-4CD7-9A45-B8D98DA0E784}" [null data]

SonicSCCopyCD\
"Provider" = "Roxio RecordNow Copy"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {49B235A3-1C3E-4802-9B5C-BAFBE69A3C85}" [null data]

SonicSCCopyDisc\
"Provider" = "Roxio RecordNow Copy"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {49B235A3-1C3E-4802-9B5C-BAFBE69A3C85}" [null data]

SonicSCDataProject\
"Provider" = "Roxio RecordNow Data"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "DataGuide"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\DataGuide\Command\(Default) = ""C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch Data" [null data]

SonicSCDataTask\
"Provider" = "Roxio RecordNow Data"
"InvokeProgID" = "Sonic.SonicCentral"
"InvokeVerb" = "DataTask"
HKLM\SOFTWARE\Classes\Sonic.SonicCentral\shell\DataTask\Command\(Default) = ""C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" /Launch {0BAC5C34-DF45-4C0F-8D64-8E92DCCF007D}" [null data]

SonicVideoCameraArrival\
"Provider" = "Sonic Solutions"
"ProgID" = "MyDVD.MyDVDAPHandler"
"InitCmdLine" = "new"
HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = "{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}"
  -> {HKLM...CLSID} = "MyDVDAPHandler Class"
				   \LocalServer32\(Default) = ""C:\Program Files\Roxio\MyDVD\MyDVD.EXE" -autoplay" ["Sonic Solutions"]

SonicVideoCameraArrivalDirect\
"Provider" = "Sonic Solutions"
"ProgID" = "MyDVD.MyDVDAPHandler"
"InitCmdLine" = "direct"
HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = "{3D5EF619-F606-4FAA-97C0-222B7DCA05EC}"
  -> {HKLM...CLSID} = "MyDVDAPHandler Class"
				   \LocalServer32\(Default) = ""C:\Program Files\Roxio\MyDVD\MyDVD.EXE" -autoplay" ["Sonic Solutions"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
				   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
				   \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

ZunePlayCDAudioOnArrival\
"Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603"
"InvokeProgID" = "Microsoft.Zune.2.AudioCD"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Microsoft.Zune.2.AudioCD\shell\Play\Command\(Default) = ""c:\Program Files\Zune\Zune.exe" /PlayCD:"%L"" [MS]

ZunePlayMediaOnArrival\
"Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603"
"InvokeProgID" = "Microsoft.Zune.2.PlayMedia"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Microsoft.Zune.2.PlayMedia\shell\Play\Command\(Default) = ""c:\Program Files\Zune\Zune.exe" /PlayMedia:"%L"" [MS]

ZuneRipCDAudioOnArrival\
"Provider" = "@c:\Program Files\Zune\en-US\ZuneResources.dll.mui,-603"
"InvokeProgID" = "Microsoft.Zune.2.RipCD"
"InvokeVerb" = "Rip"
HKLM\SOFTWARE\Classes\Microsoft.Zune.2.RipCD\shell\Rip\Command\(Default) = ""c:\Program Files\Zune\Zune.exe" /RipCD:"%L"" [MS]


Startup items in "TJ" & "All Users" startup folders:
----------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"Uniblue SpeedUpMyPC Nag" -> launches: "C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s" [file not found]
"Uniblue SpeedUpMyPC" -> launches: "C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

{D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A}\
"ButtonText" = "BitComet"
"Script" = "res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206" ["BitComet"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{F47C1DB5-ED21-4DC1-853E-D1495792D4C5}\
"ButtonText" = "Bodog Poker"
"Exec" = "C:\Program Files\Bodog Poker\BPGame.exe" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

dlcx_device, dlcx_device, "C:\WINDOWS\system32\dlcxcoms.exe -service" [" "]
Icecast Media Server, Icecast, ""C:\Program Files\Icecast2 Win32\icecastService.exe" "C:\Program Files\Icecast2 Win32"" [null data]
Intel(R) Matrix Storage Event Monitor, IAANTMon, "C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe" ["Intel Corporation"]
Intel® Quick Resume Technology Drivers, ELService, ""C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe"" ["Intel Corporation"]
Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center Scheduler Service, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
Symantec Core LC, Symantec Core LC, "C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Ventrilo, Ventrilo, "C:\Program Files\VentSrv\ventrilo_svc.exe" [null data]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Zune Bus Enumerator, ZuneBusEnum, "c:\WINDOWS\system32\ZuneBusEnum.exe" [MS]


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "ELkbd" ["Intel Corporation"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Dell 926 Port\Driver = "dlcxlmpm.dll" [" "]
Dell Print-2-Fax Port\Driver = "DLPRMON.DLL" [empty string]


---------- (launch time: 2008-06-10 03:20:40)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 34 seconds, including 5 seconds for message boxes)

Edited by LSUTigersTJ2007, 10 June 2008 - 02:22 AM.

  • 0
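
Added example, not part of the original thread and not code from Silent Runners: a triage of the report posted above that collects every entry marked <<!>> and follows the .exe association chain (.exe -> ProgID -> open command). The baseline values "exefile" and "%1" %* are the stock Windows defaults; the function names are made up for this example.

```python
import re

FLAG = "<<!>>"  # report legend: "Suspicious data at a malware launch point."

# Stock Windows values for launching .exe files (assumed baseline).
EXPECTED_PROGID = "exefile"
EXPECTED_COMMAND = '"%1" %*'

# Excerpt of the report above, embedded so the example runs offline.
SAMPLE_LOG = r'''
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\aWOhgDwv"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> khFxvSij\DLLName = "khFxvSij.dll" [null data]

Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.exe\(Default) = "jarfile"
<<!>> HKLM\SOFTWARE\Classes\jarfile\shell\open\command\(Default) = "C:\WINDOWS\system32\rundll32.exe "%1"" [MS]
'''

# Matches: HKLM\SOFTWARE\Classes\<name>\(Default) = "<value>" [annotation]
CLASS_DEFAULT = re.compile(
    r'^HKLM\\SOFTWARE\\Classes\\(.+?)\\\(Default\) = "(.*)"(?: \[.*\])?$'
)


def flagged_entries(log):
    """Return (registry key, entry) pairs for every line carrying the flag."""
    current_key, found = "", []
    for raw in log.splitlines():
        line = raw.strip()
        header = line[:-5] if line.endswith(" {++}") else line
        # Section keys are printed once, on their own line, ending in a backslash.
        if header.startswith("HK") and header.endswith("\\") and " = " not in header:
            current_key = header
            continue
        if FLAG in line:
            entry = " ".join(line.replace(FLAG, " ").split())
            key = current_key
            if entry.startswith("HK"):  # line carries its own full key path
                name, _, value = entry.partition(" = ")
                path, _, value_name = name.rpartition("\\")
                key, entry = path + "\\", value_name + " = " + value
            found.append((key, entry))
    return found


def check_exe_association(log):
    """Follow .exe -> ProgID -> open command and compare with stock values."""
    defaults = {}
    for raw in log.splitlines():
        m = CLASS_DEFAULT.match(raw.replace(FLAG, "").strip())
        if m:
            defaults[m.group(1).lower()] = m.group(2)
    # The report lists non-default values only, so a missing entry means "stock".
    progid = defaults.get(".exe")
    command = defaults.get((progid or "").lower() + r"\shell\open\command")
    issues = []
    if progid is not None and progid.lower() != EXPECTED_PROGID:
        issues.append(".exe is mapped to ProgID %r, expected %r"
                      % (progid, EXPECTED_PROGID))
    if command is not None and command != EXPECTED_COMMAND:
        issues.append("open command is %r, expected %r"
                      % (command, EXPECTED_COMMAND))
    return {"progid": progid, "command": command, "issues": issues}


if __name__ == "__main__":
    for key, entry in flagged_entries(SAMPLE_LOG):
        print(key, "->", entry)
    for issue in check_exe_association(SAMPLE_LOG)["issues"]:
        print("ASSOCIATION:", issue)
```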



#2
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Run DSS again, using these instructions:

Click START> Run - then copy the following bold blue text and paste it into the Run box & click OK

"%userprofile%\desktop\dss.exe" /daft

Read the disclaimer and click OK.

Click on Scan.

Place a checkmark next to the entries displayed when the scan is finished then Click on Fix.

Repeat the scan; you should get a message "All Associations OK!"

Next, click Save Log, and post this log in your next reply.




Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
LSUTigersTJ2007 (Topic Starter, Member, 15 posts)
When trying to run the bold text I get this message.
"Windows cannot find 'C:\Documents and Settings\TJ.DADDYSTOY\desktop\dss.exe'. Make sure you typed the name correctly, and try again. To search for a file, click the Start button, and then click Search."
  • 0

#4
LSUTigersTJ2007 (Topic Starter, Member, 15 posts)
My brother-in-law walked me through how to fix this problem so I have resolved it now.
He sent me a program that can fix the .exe problem I had so I could at least run .exe again to use different fixes for the other problems taking place. It would probably be an asset if y'all had it for future reference if people have this same issue, so I suppose I could leave a link to it and knock out some steps they would have to take to get their .exe extension back. :)
http://www.winhelpon...m/exefix_xp.com

If I fail to remove the rest of the viruses and stuff I may be back to repost, but it seems as it would be all downhill from here. Thanks for the time.
  • 0

#5
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





