Does that take care of the IE error?
Regards,
[Referred]Ad-Aware logfile help
Started by
jasonfultz
, May 05 2005 07:13 PM
#16
Posted 27 June 2005 - 12:55 PM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
Does that take care of the IE error?
Regards,
#17
Posted 27 June 2005 - 05:36 PM
jasonfultz
- Topic Starter
-
- Member
-
- 71 posts
Member
When I go to the Control Panel of Windows 2000 Professional, I do not see a Java Plugin. I did open up Internet Options and looked around for something similar to what you described, but I wasn't able to find anything that fit your description.
Any other ideas?
Jason...
Any other ideas?
Jason...
#18
Posted 28 June 2005 - 02:02 AM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
That is strange.
Can you find this folder:
C:\Documents and Settings\Jason Fultz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file
When found delete everything in it, NOT the folder itself just the content.
Regards,
Can you find this folder:
C:\Documents and Settings\Jason Fultz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file
When found delete everything in it, NOT the folder itself just the content.
Regards,
#19
Posted 28 June 2005 - 02:07 AM
jasonfultz
- Topic Starter
-
- Member
-
- 71 posts
Member
Ok, I found the directory you described and deleted all 5 hundred-something files in it, but I left the folder itself.
I tried to start up IE again afterwards, and found the same problem.
Jason...
I tried to start up IE again afterwards, and found the same problem.
Jason...
#20
Posted 28 June 2005 - 02:47 AM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
Can you try if installing Java again solves it.
http://www.java.com/...load/manual.jsp
I can't help thinking that this is a critical factor in this problem.
Regards,
http://www.java.com/...load/manual.jsp
I can't help thinking that this is a critical factor in this problem.
Regards,
#21
Posted 28 June 2005 - 03:00 PM
jasonfultz
- Topic Starter
-
- Member
-
- 71 posts
Member
I downloaded the file from the link you gave me. I installed j2se, as suggested. Then I rebooted and attempted to start up IE. Again, I was met with failure; the same error message appeared.
#22
Posted 29 June 2005 - 09:15 AM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
Can you try something for me?
Click Start > Run > type regsvr32 user32.dll > OK
Let me know what the prompt says that you will get.
Regards,
Click Start > Run > type regsvr32 user32.dll > OK
Let me know what the prompt says that you will get.
Regards,
#23
Posted 29 June 2005 - 12:39 PM
jasonfultz
- Topic Starter
-
- Member
-
- 71 posts
Member
I'll do just about anything you ask if it helps me fix this annoying problem. 
When I run the command as you described it, I get the following message:
"user32.dll was loaded, but the DllRegisterServer entry point was not found.
DllRegisterServer may not be exported, or a corrupt version of user32.dll may be in memory. Consider using PView to detect and remove it."
Sounds like you're on to something...what, I don't know yet.
When I run the command as you described it, I get the following message:
"user32.dll was loaded, but the DllRegisterServer entry point was not found.
DllRegisterServer may not be exported, or a corrupt version of user32.dll may be in memory. Consider using PView to detect and remove it."
Sounds like you're on to something...what, I don't know yet.
#24
Posted 29 June 2005 - 01:17 PM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
Download and run: http://www.silentrun...ent Runners.vbs
Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run.
Let it run. It can take a few minutes. When it has finished it will produce a Startup Programs text file. Copy and paste that text file here in your next reply.
Regards,
Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run.
Let it run. It can take a few minutes. When it has finished it will produce a Startup Programs text file. Copy and paste that text file here in your next reply.
Regards,
#25
Posted 29 June 2005 - 01:24 PM
jasonfultz
- Topic Starter
-
- Member
-
- 71 posts
Member
As you requested:
****************************************
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Terminate Popup" = "d:\Program Files\Zero-PopUps\zpu.exe" [file not found]
"Mozilla Quick Launch" = ""d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"EPoXUSDM" = ""D:\Program Files\EPoX\USDM\USDM.EXE" "5000"" ["EPoX COMPUTER CO.,LTD."]
"iTunesHelper" = "D:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Explode"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office\olkfstub.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\Downloaded Program Files\ymmapi.dll" [file not found]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\Downloaded Program Files\ymmapi.dll" [file not found]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINNT\Web\Wallpaper\Boiling Point.jpg"
Startup items in "Jason Fultz" & "All Users" startup folders:
-------------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"InterVideo WinCinema Manager" -> shortcut to: "D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
"MA111 Configuration Utility" -> shortcut to: "D:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe" [null data]
"Microsoft Find Fast" -> shortcut to: "D:\Program Files\Microsoft Office\Office\FINDFAST.EXE" [MS]
"Microtek Scanner Finder" -> shortcut to: "D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe" [empty string]
"Office Startup" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]
"TabUserW.exe" -> shortcut to: "C:\WINNT\system32\Wtablet\TabUserW.exe" ["Wacom Technology, Corp."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 36
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll" [file not found]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll" [file not found]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Alias Documentation Server, aliasdocserver, ""D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf"" [null data]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINNT\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
C-DillaSrv, C-DillaSrv, "C:\WINNT\System32\DRIVERS\CDANTSRV.EXE" ["C-Dilla Ltd"]
ewido security suite control, ewido security suite control, "d:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "d:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
Gear Security Service, GEARSecurity, "C:\WINNT\system32\gearsec.exe" ["GEAR Software"]
iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
MySql, MySql, "D:/mysql/bin/mysqld-nt.exe" [null data]
TabletService, TabletService, "C:\WINNT\system32\Tablet.exe" ["Wacom Technology, Corp."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 126 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 8 seconds.
---------- (total run time: 180 seconds)
****************************************
"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Terminate Popup" = "d:\Program Files\Zero-PopUps\zpu.exe" [file not found]
"Mozilla Quick Launch" = ""d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"EPoXUSDM" = ""D:\Program Files\EPoX\USDM\USDM.EXE" "5000"" ["EPoX COMPUTER CO.,LTD."]
"iTunesHelper" = "D:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Explode"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office\olkfstub.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\Downloaded Program Files\ymmapi.dll" [file not found]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\Downloaded Program Files\ymmapi.dll" [file not found]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINNT\Web\Wallpaper\Boiling Point.jpg"
Startup items in "Jason Fultz" & "All Users" startup folders:
-------------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"InterVideo WinCinema Manager" -> shortcut to: "D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
"MA111 Configuration Utility" -> shortcut to: "D:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe" [null data]
"Microsoft Find Fast" -> shortcut to: "D:\Program Files\Microsoft Office\Office\FINDFAST.EXE" [MS]
"Microtek Scanner Finder" -> shortcut to: "D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe" [empty string]
"Office Startup" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]
"TabUserW.exe" -> shortcut to: "C:\WINNT\system32\Wtablet\TabUserW.exe" ["Wacom Technology, Corp."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 36
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll" [file not found]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll" [file not found]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Alias Documentation Server, aliasdocserver, ""D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf"" [null data]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINNT\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
C-DillaSrv, C-DillaSrv, "C:\WINNT\System32\DRIVERS\CDANTSRV.EXE" ["C-Dilla Ltd"]
ewido security suite control, ewido security suite control, "d:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "d:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
Gear Security Service, GEARSecurity, "C:\WINNT\system32\gearsec.exe" ["GEAR Software"]
iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
MySql, MySql, "D:/mysql/bin/mysqld-nt.exe" [null data]
TabletService, TabletService, "C:\WINNT\system32\Tablet.exe" ["Wacom Technology, Corp."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 126 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 8 seconds.
---------- (total run time: 180 seconds)
#26
Posted 30 June 2005 - 05:11 AM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
In IE click Tools > Internet Options > on the general tab click Delete Files and put a checkmark in the include Offline content box
Then on the programs tab click reset websettings.
On the Connections tab check if the connections listed there are legit.
Remove anything that was not added by yourself.
Regards,
Then on the programs tab click reset websettings.
On the Connections tab check if the connections listed there are legit.
Remove anything that was not added by yourself.
Regards,
#27
Posted 30 June 2005 - 12:44 PM
jasonfultz
- Topic Starter
-
- Member
-
- 71 posts
Member
Well, I still can't open IE, so instead I went to Control Panel > Internet Options > then on the general tab I clicked Delete Files. But there was no checkmark option for Offline Content anywhere on any of the tabs that I saw.
Next, I proceeded to the Programs tab and click Reset Web Settings, including resetting my homepage, which it asked about.
When on the Connections tab, I had no connections listed at all. I did find, however, a Blocked/Allow addresses list that I removed style.com from that allowed access always. I'm not sure if I put that in there or not a long time ago, so I removed it anyway.
After all of these changes, I tried opening IE again, and as usual it failed.
I don't know if this is it or not, but could this have anything to do with Spybot or Adaware? I've never had a problem with them before, but after the virus hit me maybe I did some things that screwed up the relationship between them?? *shrugs*
Next, I proceeded to the Programs tab and click Reset Web Settings, including resetting my homepage, which it asked about.
When on the Connections tab, I had no connections listed at all. I did find, however, a Blocked/Allow addresses list that I removed style.com from that allowed access always. I'm not sure if I put that in there or not a long time ago, so I removed it anyway.
After all of these changes, I tried opening IE again, and as usual it failed.
I don't know if this is it or not, but could this have anything to do with Spybot or Adaware? I've never had a problem with them before, but after the virus hit me maybe I did some things that screwed up the relationship between them?? *shrugs*
#28
Posted 01 July 2005 - 12:33 AM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
I wish I knew, but we'll keep looking.
Can you do a Find files for iexplore.exe ?
Let me know where copies of this file are found.
Regards,
Can you do a Find files for iexplore.exe ?
Let me know where copies of this file are found.
Regards,
#29
Posted 01 July 2005 - 03:02 AM
jasonfultz
- Topic Starter
-
- Member
-
- 71 posts
Member
You betcha:
IEXPLORE.EXE: C:\Program Files\Internet Explorer
iexplore.exe: C:\WINNT\system32\dllcache
IEXPLORE.EXE: E:\Program Files\Internet Explorer
And that's about it.
Any idea why it's in my system32 directory and not in all-caps like the other ones?
IEXPLORE.EXE: C:\Program Files\Internet Explorer
iexplore.exe: C:\WINNT\system32\dllcache
IEXPLORE.EXE: E:\Program Files\Internet Explorer
And that's about it.
Any idea why it's in my system32 directory and not in all-caps like the other ones?
#30
Posted 01 July 2005 - 08:03 AM
Metallica
-
- GeekU Moderator
-
- 33,101 posts
Spyware Veteran
Good. Don't worry about the caps. Windows doesn't "see" the difference
In this following order please.
Rename C:\Program Files\Internet Explorer\iexplore.exe to iexplore.old
Copy C:\WINNT\system32\dllcache\IEXPLORE.EXE to C:\Program Files\Internet Explorer\iexplore.exe
Let me know if that works and helps. It may take a reboot for full effect.
Regards,
In this following order please.
Rename C:\Program Files\Internet Explorer\iexplore.exe to iexplore.old
Copy C:\WINNT\system32\dllcache\IEXPLORE.EXE to C:\Program Files\Internet Explorer\iexplore.exe
Let me know if that works and helps. It may take a reboot for full effect.
Regards,
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
