Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Aurora mischief [RESOLVED]

Started by Aslion , Jul 30 2005 12:33 PM

  • This topic is locked This topic is locked

#106
Aslion
Posted 17 August 2005 - 05:04 PM

Aslion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/18/2001 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor 8/29/2002 6:41:10 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
FSG! 12/1/2004 9:03:08 AM 2473 C:\WINDOWS\SYSTEM32\t.exe
winsync 8/18/2001 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
SH 7/25/2005 12:25:24 PM 7305 C:\WINDOWS\qnpum.txt
SH 7/15/2005 5:24:24 AM 200192 C:\WINDOWS\services.exe
SH 8/7/2005 10:29:22 PM 70111 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_10.cab
H 8/17/2005 6:46:08 PM 8192 C:\WINDOWS\system32\config\default.LOG
H 8/17/2005 6:46:56 PM 1024 C:\WINDOWS\system32\config\SAM.LOG
H 8/17/2005 6:46:22 PM 16384 C:\WINDOWS\system32\config\SECURITY.LOG
H 8/17/2005 6:46:58 PM 69632 C:\WINDOWS\system32\config\software.LOG
H 8/17/2005 6:46:58 PM 925696 C:\WINDOWS\system32\config\system.LOG
SH 8/7/2005 11:08:12 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\5e3e6acc-3d2d-4822-9f2b-48b90d4fc0a2
SH 8/7/2005 11:08:12 PM 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
H 8/17/2005 6:44:22 PM 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/18/2001 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Avance Logic, Inc. 6/20/2002 2:58:44 AM 629248 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/29/2002 6:41:28 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
4/26/2002 7:33:40 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 5/15/2002 6:24:56 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 5/3/2002 8:06:00 PM 106496 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 11/16/2002 10:00:46 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft 3/2/1999 6:10:02 PM 49152 C:\WINDOWS\SYSTEM32\speech.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 3:03:24 PM 167704 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 578560 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 129024 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 121856 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/17/2001 10:37:02 PM 48128 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/29/2002 6:41:28 AM 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Intel Corporation 5/15/2002 6:24:56 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
11/29/2004 6:04:54 PM 1749 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
4/4/2005 6:32:48 AM 869 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk
11/16/2002 9:58:40 PM 1811 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk
1/25/2004 3:18:52 PM 1741 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
11/19/2004 11:46:12 AM 1652 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Event Reminder.lnk

Checking files in %USERPROFILE%\Application Data folder...
1/22/2005 1:11:34 PM 69912 C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
11/18/2002 1:36:42 PM 12358 C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
11/18/2002 1:36:42 PM 61678 C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
11/16/2004 8:10:08 AM 230237 C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Filzip
{B28C18DB-6816-4F31-9630-397683E3C2C3} = C:\PROGRA~1\Filzip\fzshext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Filzip
{B28C18DB-6816-4F31-9630-397683E3C2C3} = C:\PROGRA~1\Filzip\fzshext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} =

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = c:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8F4902B6-6C04-4ade-8052-AA58578A21BD}
hp toolkit = C:\WINDOWS\System32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton AntiVirus\NavShExt.dll
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\Program Files\AOL Toolbar\toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669B269B-0D4E-41FB-A3D8-FD67CA94F646}
ButtonText = ComcastHSI : http://www.comcast.net/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8828075D-D097-4055-AA02-2DBFA9D85E8A}
ButtonText = Support : http://www.comcastsupport.com/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{97809617-3937-4F84-B335-9BB05EF1A8D4}
ButtonText = Help : http://online.comcast.net/help/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\Program Files\AOL Toolbar\toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
tgcmd "C:\Program Files\support.com\bin\tgcmd.exe" /server
StorageGuard "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
QAGENT C:\PROGRAM FILES\QUICKENW\QAGENT.EXE
PS2 C:\WINDOWS\system32\ps2.exe
nwiz nwiz.exe /install
NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
NAV Agent c:\PROGRA~1\NORTON~1\navapw32.exe
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
KBD C:\HP\KBD\KBD.EXE
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
IgfxTray C:\WINDOWS\System32\igfxtray.exe
hpsysdrv c:\windows\system\hpsysdrv.exe
HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe
DIGStream C:\Program Files\DIGStream\digstream.exe
DIGServices C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
CamMonitor c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
HostManager C:\Program Files\Common Files\AOL\1122598433\ee\AOLHostManager.exe
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
Pure Networks Port Magic "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
AOL Fast Start "C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoSaveSettings 0
NoThemesTab 0
NoToolbarsOnTaskbar 0
NoSetTaskbar 0
NoActiveDesktop 0
ClassicShell 0
NoBandCustomize 0
NoMovingBands 0
NoCloseDragDropBands 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} =
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} =
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/17/2005 6:58:21 PM
  • 0

Advertisements

#107
Excal
Posted 17 August 2005 - 10:04 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
One more we have to delete.
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\WINDOWS\SYSTEM32\t.exe
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "Yes".

Still trying to figure it out.

:tazz:

Excal
  • 0

#108
Excal
Posted 17 August 2005 - 10:44 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
in addition to the last post, can you check in your norton quarantine section and see if Explorer.exe might be in there.....thanks


Excal
  • 0

#109
Excal
Posted 18 August 2005 - 12:56 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I want to try this one more time please :tazz:

Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg (make sure that Save as Type is set at "All Files") on your Desktop. Ensure there is no space at above REGEDIT 4.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamsMRU]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoToolbarsOnTaskbar"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetTaskbar"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
@="Media Band"
"BarSize"=-


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=dword:00000000
"NoMovingBands"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoMovingBands"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"**del.NoMovingBands"=" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"**del.NoSaveSettings"=" "



Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Reboot
  • 0

#110
Aslion
Posted 18 August 2005 - 05:24 AM

Aslion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
"in addition to the last post, can you check in your norton quarantine section and see if Explorer.exe might be in there.....thanks"


I was able to do the other two tasks, but I do not know where my Norton Quarantine section is. Therefore, I could not do this one. Sorry.

Edited by Aslion, 18 August 2005 - 05:31 AM.

  • 0

#111
Aslion
Posted 18 August 2005 - 05:30 AM

Aslion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
I spoke too soon. i found something in Norton Quarantine. There is only one file (apparently) in there. It says 2AB24F20. That doesn't sound like explorer, so I didn't do anything.
  • 0

#112
Excal
Posted 18 August 2005 - 09:33 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
So no luck with that other reg fix I take it.

Can you please download the zip file I have attached, run both of the scripts in that folder.

Thanks,

:tazz:

Excal
  • 0

#113
Aslion
Posted 18 August 2005 - 04:28 PM

Aslion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
one worked, the other (fix-all.vbs) gave me an error message.
  • 0

#114
Excal
Posted 18 August 2005 - 04:37 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
lol, when i see that you respond....i pray before I look...

Here is a direct link to that.

Fix-all

Edited by Excal, 18 August 2005 - 04:38 PM.

  • 0

#115
Aslion
Posted 18 August 2005 - 06:16 PM

Aslion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
I'm sure that you do pray. I appreciate what a pain this is, and the help that you are providing. That said, I got the same error on the direct link. Line 51 Char 1 (null).
  • 0

Advertisements

#116
Excal
Posted 18 August 2005 - 06:31 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Can you see if you shut down norton totally(including the firewall), and then try to run explorer.exe in run, will it work then.


Thanks,

:tazz:

Excal
  • 0

#117
Aslion
Posted 18 August 2005 - 08:24 PM

Aslion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
I don't know how to disable it. Sorry.
  • 0

#118
Excal
Posted 18 August 2005 - 08:26 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
go to run and type in MSCONFIG, then go to startup tab. Give me a list of all the things that are checked and unchecked in there


thanks,

:tazz:

Excal
  • 0

#119
Aslion
Posted 18 August 2005 - 08:41 PM

Aslion

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
aoldial
tgcmd
sgtray
recguard
realplay
qttask
qagent
ps2
nwiz
rundll32
navapw32 (this is a Norton file)
mmtask
kbd
ituneshelper
igfxtray
hpsysdrv
hpztsb05
hkcmd
tfswctrl
digstream
digservices
hpqcmon
aolhostmanager
aolsp scheduler
port aol
ctfmon
msmgs
aol
eventminder
hpcenter ui
hpcenter
microsoftoffice
eventreminder


all checked
  • 0

#120
Excal
Posted 18 August 2005 - 08:51 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
K lets use HiJack to disable Norton. We can restore it back later.

4. Go to Start->Run and type in services.msc and hit OK. Then look for Norton AntiVirus Auto Protect Service and double click on it. Click on the Stop button and under Startup type, choose Disabled.


open hijack this and check and fix the following entries:

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe

reboot

post back another HiJackthis to make sure
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP