Excal
Hijackthis log [RESOLVED]
#106
Posted 22 August 2005 - 07:29 PM
Excal
#107
Posted 22 August 2005 - 07:45 PM
AboutBuster 5.0 reference file 31
Scan started on [8/22/2005] at [8:37:32 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:38:08 PM
Logfile of HijackThis v1.99.1
Scan saved at 8:45:40 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\earthlinkim\aim.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program Files\bet365MPP\MPPoker.exe
O9 - Extra button: PD - {EC3DAB87-C8C9-49A4-BEEB-B631A4B5EFF3} - C:\Program Files\Pop up Blocker\pd.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096169702640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124393047008
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.c.../ymmapi_416.dll
O18 - Protocol: bw+0 - (no CLSID) - (no file)
O18 - Protocol: bw+0s - (no CLSID) - (no file)
O18 - Protocol: bw-0 - (no CLSID) - (no file)
O18 - Protocol: bw-0s - (no CLSID) - (no file)
O18 - Protocol: bw00 - (no CLSID) - (no file)
O18 - Protocol: bw00s - (no CLSID) - (no file)
O18 - Protocol: bw10 - (no CLSID) - (no file)
O18 - Protocol: bw10s - (no CLSID) - (no file)
O18 - Protocol: bw20 - (no CLSID) - (no file)
O18 - Protocol: bw20s - (no CLSID) - (no file)
O18 - Protocol: bw30 - (no CLSID) - (no file)
O18 - Protocol: bw30s - (no CLSID) - (no file)
O18 - Protocol: bw40 - (no CLSID) - (no file)
O18 - Protocol: bw40s - (no CLSID) - (no file)
O18 - Protocol: bw50 - (no CLSID) - (no file)
O18 - Protocol: bw50s - (no CLSID) - (no file)
O18 - Protocol: bw60 - (no CLSID) - (no file)
O18 - Protocol: bw60s - (no CLSID) - (no file)
O18 - Protocol: bw70 - (no CLSID) - (no file)
O18 - Protocol: bw70s - (no CLSID) - (no file)
O18 - Protocol: bw80 - (no CLSID) - (no file)
O18 - Protocol: bw80s - (no CLSID) - (no file)
O18 - Protocol: bw90 - (no CLSID) - (no file)
O18 - Protocol: bw90s - (no CLSID) - (no file)
O18 - Protocol: bwa0 - (no CLSID) - (no file)
O18 - Protocol: bwa0s - (no CLSID) - (no file)
O18 - Protocol: bwb0 - (no CLSID) - (no file)
O18 - Protocol: bwb0s - (no CLSID) - (no file)
O18 - Protocol: bwc0 - (no CLSID) - (no file)
O18 - Protocol: bwc0s - (no CLSID) - (no file)
O18 - Protocol: bwd0 - (no CLSID) - (no file)
O18 - Protocol: bwd0s - (no CLSID) - (no file)
O18 - Protocol: bwe0 - (no CLSID) - (no file)
O18 - Protocol: bwe0s - (no CLSID) - (no file)
O18 - Protocol: bwf0 - (no CLSID) - (no file)
O18 - Protocol: bwf0s - (no CLSID) - (no file)
O18 - Protocol: bwg0 - (no CLSID) - (no file)
O18 - Protocol: bwg0s - (no CLSID) - (no file)
O18 - Protocol: bwh0 - (no CLSID) - (no file)
O18 - Protocol: bwh0s - (no CLSID) - (no file)
O18 - Protocol: bwi0 - (no CLSID) - (no file)
O18 - Protocol: bwi0s - (no CLSID) - (no file)
O18 - Protocol: bwj0 - (no CLSID) - (no file)
O18 - Protocol: bwj0s - (no CLSID) - (no file)
O18 - Protocol: bwk0 - (no CLSID) - (no file)
O18 - Protocol: bwk0s - (no CLSID) - (no file)
O18 - Protocol: bwl0 - (no CLSID) - (no file)
O18 - Protocol: bwl0s - (no CLSID) - (no file)
O18 - Protocol: bwm0 - (no CLSID) - (no file)
O18 - Protocol: bwm0s - (no CLSID) - (no file)
O18 - Protocol: bwn0 - (no CLSID) - (no file)
O18 - Protocol: bwn0s - (no CLSID) - (no file)
O18 - Protocol: bwo0 - (no CLSID) - (no file)
O18 - Protocol: bwo0s - (no CLSID) - (no file)
O18 - Protocol: bwp0 - (no CLSID) - (no file)
O18 - Protocol: bwp0s - (no CLSID) - (no file)
O18 - Protocol: bwq0 - (no CLSID) - (no file)
O18 - Protocol: bwq0s - (no CLSID) - (no file)
O18 - Protocol: bwr0 - (no CLSID) - (no file)
O18 - Protocol: bwr0s - (no CLSID) - (no file)
O18 - Protocol: bws0 - (no CLSID) - (no file)
O18 - Protocol: bws0s - (no CLSID) - (no file)
O18 - Protocol: bwt0 - (no CLSID) - (no file)
O18 - Protocol: bwt0s - (no CLSID) - (no file)
O18 - Protocol: bwu0 - (no CLSID) - (no file)
O18 - Protocol: bwu0s - (no CLSID) - (no file)
O18 - Protocol: bwv0 - (no CLSID) - (no file)
O18 - Protocol: bwv0s - (no CLSID) - (no file)
O18 - Protocol: bww0 - (no CLSID) - (no file)
O18 - Protocol: bww0s - (no CLSID) - (no file)
O18 - Protocol: bwx0 - (no CLSID) - (no file)
O18 - Protocol: bwx0s - (no CLSID) - (no file)
O18 - Protocol: bwy0 - (no CLSID) - (no file)
O18 - Protocol: bwy0s - (no CLSID) - (no file)
O18 - Protocol: bwz0 - (no CLSID) - (no file)
O18 - Protocol: bwz0s - (no CLSID) - (no file)
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
The good news is I am pretty sure I haven't had a popup today. I think it has been ever since we found that hidden netdde.exe in the system32 folder. It is still in my recycling bin, do you want me to empty it?
EDIT: Nvm, I think I already emptied it lol.
Edited by Sk0rch, 22 August 2005 - 07:47 PM.
#108
Posted 22 August 2005 - 07:58 PM
Excal
#109
Posted 22 August 2005 - 11:04 PM
And I went to Control Panel and removed Logitech but it is still there. Also I haven't had a popup all day.
#110
Posted 22 August 2005 - 11:09 PM
Make sure you have ewido off, and try to check off those O18's in safe mode.
Excal
#111
Posted 22 August 2005 - 11:23 PM
You want me to have ewido off while I check off the O18's? Or have it off in general? Because it finds a lot of malicious things with that infect alert.
Edited by Sk0rch, 22 August 2005 - 11:24 PM.
#112
Posted 22 August 2005 - 11:26 PM
Excal
#113
Posted 22 August 2005 - 11:36 PM
#114
Posted 22 August 2005 - 11:43 PM
Excal
#115
Posted 27 August 2005 - 04:45 PM
Logfile of HijackThis v1.99.1
Scan saved at 5:44:55 PM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\earthlinkim\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096169702640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124393047008
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.c.../ymmapi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DF65C0F-7292-4D21-8937-D46BD8F1A1E7}: NameServer = 206.141.192.60 206.141.193.55
O18 - Protocol: bw+0 - (no CLSID) - (no file)
O18 - Protocol: bw+0s - (no CLSID) - (no file)
O18 - Protocol: bw-0 - (no CLSID) - (no file)
O18 - Protocol: bw-0s - (no CLSID) - (no file)
O18 - Protocol: bw00 - (no CLSID) - (no file)
O18 - Protocol: bw00s - (no CLSID) - (no file)
O18 - Protocol: bw10 - (no CLSID) - (no file)
O18 - Protocol: bw10s - (no CLSID) - (no file)
O18 - Protocol: bw20 - (no CLSID) - (no file)
O18 - Protocol: bw20s - (no CLSID) - (no file)
O18 - Protocol: bw30 - (no CLSID) - (no file)
O18 - Protocol: bw30s - (no CLSID) - (no file)
O18 - Protocol: bw40 - (no CLSID) - (no file)
O18 - Protocol: bw40s - (no CLSID) - (no file)
O18 - Protocol: bw50 - (no CLSID) - (no file)
O18 - Protocol: bw50s - (no CLSID) - (no file)
O18 - Protocol: bw60 - (no CLSID) - (no file)
O18 - Protocol: bw60s - (no CLSID) - (no file)
O18 - Protocol: bw70 - (no CLSID) - (no file)
O18 - Protocol: bw70s - (no CLSID) - (no file)
O18 - Protocol: bw80 - (no CLSID) - (no file)
O18 - Protocol: bw80s - (no CLSID) - (no file)
O18 - Protocol: bw90 - (no CLSID) - (no file)
O18 - Protocol: bw90s - (no CLSID) - (no file)
O18 - Protocol: bwa0 - (no CLSID) - (no file)
O18 - Protocol: bwa0s - (no CLSID) - (no file)
O18 - Protocol: bwb0 - (no CLSID) - (no file)
O18 - Protocol: bwb0s - (no CLSID) - (no file)
O18 - Protocol: bwc0 - (no CLSID) - (no file)
O18 - Protocol: bwc0s - (no CLSID) - (no file)
O18 - Protocol: bwd0 - (no CLSID) - (no file)
O18 - Protocol: bwd0s - (no CLSID) - (no file)
O18 - Protocol: bwe0 - (no CLSID) - (no file)
O18 - Protocol: bwe0s - (no CLSID) - (no file)
O18 - Protocol: bwf0 - (no CLSID) - (no file)
O18 - Protocol: bwf0s - (no CLSID) - (no file)
O18 - Protocol: bwg0 - (no CLSID) - (no file)
O18 - Protocol: bwg0s - (no CLSID) - (no file)
O18 - Protocol: bwh0 - (no CLSID) - (no file)
O18 - Protocol: bwh0s - (no CLSID) - (no file)
O18 - Protocol: bwi0 - (no CLSID) - (no file)
O18 - Protocol: bwi0s - (no CLSID) - (no file)
O18 - Protocol: bwj0 - (no CLSID) - (no file)
O18 - Protocol: bwj0s - (no CLSID) - (no file)
O18 - Protocol: bwk0 - (no CLSID) - (no file)
O18 - Protocol: bwk0s - (no CLSID) - (no file)
O18 - Protocol: bwl0 - (no CLSID) - (no file)
O18 - Protocol: bwl0s - (no CLSID) - (no file)
O18 - Protocol: bwm0 - (no CLSID) - (no file)
O18 - Protocol: bwm0s - (no CLSID) - (no file)
O18 - Protocol: bwn0 - (no CLSID) - (no file)
O18 - Protocol: bwn0s - (no CLSID) - (no file)
O18 - Protocol: bwo0 - (no CLSID) - (no file)
O18 - Protocol: bwo0s - (no CLSID) - (no file)
O18 - Protocol: bwp0 - (no CLSID) - (no file)
O18 - Protocol: bwp0s - (no CLSID) - (no file)
O18 - Protocol: bwq0 - (no CLSID) - (no file)
O18 - Protocol: bwq0s - (no CLSID) - (no file)
O18 - Protocol: bwr0 - (no CLSID) - (no file)
O18 - Protocol: bwr0s - (no CLSID) - (no file)
O18 - Protocol: bws0 - (no CLSID) - (no file)
O18 - Protocol: bws0s - (no CLSID) - (no file)
O18 - Protocol: bwt0 - (no CLSID) - (no file)
O18 - Protocol: bwt0s - (no CLSID) - (no file)
O18 - Protocol: bwu0 - (no CLSID) - (no file)
O18 - Protocol: bwu0s - (no CLSID) - (no file)
O18 - Protocol: bwv0 - (no CLSID) - (no file)
O18 - Protocol: bwv0s - (no CLSID) - (no file)
O18 - Protocol: bww0 - (no CLSID) - (no file)
O18 - Protocol: bww0s - (no CLSID) - (no file)
O18 - Protocol: bwx0 - (no CLSID) - (no file)
O18 - Protocol: bwx0s - (no CLSID) - (no file)
O18 - Protocol: bwy0 - (no CLSID) - (no file)
O18 - Protocol: bwy0s - (no CLSID) - (no file)
O18 - Protocol: bwz0 - (no CLSID) - (no file)
O18 - Protocol: bwz0s - (no CLSID) - (no file)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
#116
Posted 28 August 2005 - 02:33 AM
Can I ask what the O16's, O12's and O23's are?
The O16's are ActiveX installers and they are all legit.
That O12 is Adobe Internet Explorer Plugin.
The O23's are non-Microsoft services and they both are legit.
I am stumped with the about:buster popups!
Let me do some more research....ack!
Excal
#117
Posted 28 August 2005 - 02:47 AM
http://www.sysintern...kitrevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.
Also I'd like to see the values in a registry key.
Please download and install Registrar Lite. Run reglite and paste this line into the address box:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
Click on 'Go', then highlight AboutURLs in the right pane. Click File >> Export and save the export in a convenient place. Then, locate the file, Right-click >> Edit, and paste the contents of the file here for me to see.
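One way to review an AboutURLs export like the one requested above (an added example, not part of the original post and not any tool's own code): parse the REGEDIT4 text and flag every string value that is not a res:// URL inside a trusted resource DLL. The function names, the trusted-DLL set (taken from the DLL names that appear in the export posted in this thread) and the sample's last entry are assumptions made for illustration.

```python
import re

# Constructed sample: the first three values follow the export format shown in
# this thread; the last value is a made-up redirect added for illustration.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"NavigationFailure"="res://shdoclc.dll/navcancl.htm"
"Home"=dword:0000010e
"blank"="res://mshtml.dll/blank.htm"
"PostNotCached"="http://search.example.invalid/index.htm"
'''

# Assumption: only the resource DLLs seen in the thread's export are trusted.
TRUSTED_DLLS = {"shdoclc.dll", "mshtml.dll"}

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
RES_RE = re.compile(r'^res://([^/]+)/', re.IGNORECASE)


def parse_reg_export(text):
    """Return {key_path: {value_name: raw_data}} for a .reg text export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        # Header lines, blanks and comments match neither pattern and are skipped.
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return keys


def review_about_urls(text):
    """Return (name, url, reason) for each AboutURLs string value that looks off."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if not key.lower().endswith(r"\internet explorer\abouturls"):
            continue
        for name, raw in values.items():
            if not (len(raw) >= 2 and raw.startswith('"') and raw.endswith('"')):
                continue  # dword/hex data such as "Home" is not a URL
            url = re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo .reg escaping
            m = RES_RE.match(url)
            if m is None:
                findings.append((name, url, "not a res:// resource URL"))
            elif m.group(1).lower() not in TRUSTED_DLLS:
                findings.append((name, url, "res:// DLL not in trusted set"))
    return findings


if __name__ == "__main__":
    for name, url, reason in review_about_urls(SAMPLE_EXPORT):
        print(f"{name}: {url} ({reason})")
```

A full-path res:// reference is flagged as well, because the DLL component is compared by bare file name only.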
#118
Posted 28 August 2005 - 10:03 AM
#119
Posted 28 August 2005 - 10:39 AM
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"NavigationFailure"="res://shdoclc.dll/navcancl.htm"
"DesktopItemNavigationFailure"="res://shdoclc.dll/navcancl.htm"
"NavigationCanceled"="res://shdoclc.dll/navcancl.htm"
"OfflineInformation"="res://shdoclc.dll/offcancl.htm"
"Home"=dword:0000010e
"blank"="res://mshtml.dll/blank.htm"
"PostNotCached"="res://mshtml.dll/repost.htm"
And here is the log for the Rootkit thing.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 8/28/2005 10:59 AM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs 6/30/2004 3:35 PM 64 bytes Windows API length not consistent with raw hive data.
C:\Documents and Settings\Owner\Desktop\exports.reg 8/28/2005 11:02 AM 420 bytes Hidden from Windows API.
C:\Documents and Settings\Owner\Desktop\Registrar Lite.lnk 8/28/2005 11:01 AM 1.52 KB Hidden from Windows API.
C:\Documents and Settings\Owner\Desktop\reglite.exe 8/28/2005 11:01 AM 1.99 MB Hidden from Windows API.
C:\Documents and Settings\Owner\Desktop\WinsockXPFix-1.exe 8/28/2005 11:07 AM 1.35 MB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Desktop\WinsockXPFix.exe 8/28/2005 11:07 AM 1.35 MB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\plugtmp-1\728x90_motorolalove30k_alt.swf 8/28/2005 11:05 AM 29.61 KB Hidden from Windows API.
C:\Documents and Settings\Owner\Local Settings\Temp\plugtmp-1\free_poleflyer_xxxx_336x280.swf 8/28/2005 10:58 AM 30.92 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA 8/28/2005 11:07 AM 0 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA\DELXP.reg 8/28/2005 11:07 AM 172 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA\ERDNT.E_E 8/28/2005 11:07 AM 23.03 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA\ERDNTDOS.LOC 8/28/2005 11:07 AM 2.54 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA\ERDNTDOS.OVL 8/28/2005 11:07 AM 18.21 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA\ERDNTWIN.LOC 8/28/2005 11:07 AM 2.94 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA\ERDNTWIN.OVL 8/28/2005 11:07 AM 198.50 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA\ERUNT.exe 8/28/2005 11:07 AM 203.50 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA\ERUNT.LOC 8/28/2005 11:07 AM 4.00 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA\Hosts 8/28/2005 11:07 AM 736 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA\xpwinsock.reg 8/28/2005 11:07 AM 10.84 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\VBDATA\xpwinsock2.reg 8/28/2005 11:07 AM 110.18 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Local Settings\Temp\~DF5248.tmp 8/28/2005 11:07 AM 16.00 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Owner\Recent\exports.txt.lnk 8/28/2005 11:03 AM 541 bytes Hidden from Windows API.
C:\Documents and Settings\Owner\Start Menu\Programs\Registrar Lite 8/28/2005 11:01 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Owner\Start Menu\Programs\Registrar Lite\Help.lnk 8/28/2005 11:01 AM 1.53 KB Hidden from Windows API.
C:\Documents and Settings\Owner\Start Menu\Programs\Registrar Lite\Registrar Lite.lnk 8/28/2005 11:01 AM 679 bytes Hidden from Windows API.
C:\Program Files\Registrar Lite 8/28/2005 11:01 AM 0 bytes Hidden from Windows API.
C:\Program Files\Registrar Lite\default.ini 10/12/2000 7:13 AM 83.49 KB Hidden from Windows API.
C:\Program Files\Registrar Lite\file_id.diz 8/6/2002 7:07 PM 417 bytes Hidden from Windows API.
C:\Program Files\Registrar Lite\INSTALL.LOG 8/28/2005 11:01 AM 2.76 KB Hidden from Windows API.
C:\Program Files\Registrar Lite\readme.txt 8/2/2002 10:06 AM 971 bytes Hidden from Windows API.
C:\Program Files\Registrar Lite\rl.chm 8/7/2002 7:29 PM 1.07 MB Hidden from Windows API.
C:\Program Files\Registrar Lite\rl.exe 8/11/2002 7:55 PM 1.94 MB Hidden from Windows API.
C:\Program Files\Registrar Lite\rrsec.dll 2/17/2002 2:23 PM 110.00 KB Hidden from Windows API.
C:\Program Files\Registrar Lite\rrSec2k.exe 10/12/2000 7:13 AM 88.04 KB Hidden from Windows API.
C:\Program Files\Registrar Lite\UNWISE.EXE 5/24/2001 12:59 PM 158.50 KB Hidden from Windows API.
C:\Program Files\Registrar Lite\UNWISE.INI 8/28/2005 11:01 AM 0 bytes Hidden from Windows API.
C:\WINDOWS\Prefetch\IPCONFIG.EXE-05D7908C.pf 8/28/2005 11:07 AM 20.84 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\Prefetch\NETSH.EXE-23AED181.pf 8/28/2005 11:07 AM 24.85 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf 8/28/2005 11:07 AM 14.87 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\Prefetch\RL.EXE-0CBA5D4F.pf 8/28/2005 11:02 AM 21.90 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\WINSOCKXPFIX-1.EXE-24E4C753.pf 8/28/2005 11:07 AM 16.57 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\resetlog.txt 8/28/2005 11:07 AM 9.17 KB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\system32\comionc.dll 9/25/2004 11:28 PM 56.00 KB Hidden from Windows API.
C:\WINDOWS\system32\drivers\etc\hosts.bak 6/24/2004 3:17 AM 734 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\Temp\Perflib_Perfdata_f14.dat 8/28/2005 11:07 AM 16.00 KB Visible in directory index, but not Windows API or MFT.
D: 0 bytes Error mounting volume
#120
Posted 28 August 2005 - 11:21 PM
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Window_Placement"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBarLayout"=-
Locate fixme5.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".
Reboot and let me know.
Thanks,
Excal