Holy Sh!t! Its Rasautou.exe!


#1 ktownkatman (Member, 168 posts)
Rasautou.exe is showing up on my HJT process manager. My task manager won't open. Problems caused by libsys32.exe??? Internet Explorer won't load most pages. It says something about a DNS error. HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:36:10 PM, on 9/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CallWave\IAM.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Andy H\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125799960991
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F37B04EE-83F4-4A24-8896-F45D6C7D25EA}: NameServer = 65.17.128.3 65.17.128.7
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)

WHAT??????!!!?!?!?!? Rasautou.exe isn't running now!!! It was, believe me. Please help!


'~ktownkatman~'

#2 Wizard (Retired Staff, 5,661 posts)
Hi ktownkatman and Welcome to GeekstoGo!

Click Start-> Run-> Type in Services.msc and Click OK!

Scroll that list and locate this entry

NT login service

Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled!

Click Apply-> OK and Exit the Services Page!


Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!


Open HijackThis and go to the Misc Tools Section and Click "Delete a File on Reboot"

When the small window pops up-> Navigate to this file-> C:\WINDOWS\System32\libsys32.exe

Double Click the File and follow the prompts to have HijackThis Reboot the PC!


Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to Show All Hidden Files and Folders. Here is a link to help with that:
http://www.bleepingc...torial=62#winxp


Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe

O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe

O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe

O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!


Click Start-> Run-> Copy&Paste the bold text below into the Open Box and Click OK!

sc delete ntlogin32


Make sure that file is gone-> Navigate to C:\WINDOWS\System32

Search through the System32 folder and be sure libsys32.exe is gone; if found, delete!


From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
F-Secure

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from F-Secure and WinPFind!

Edited by Cretemonster, 04 September 2005 - 05:12 AM.
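
The entries picked out in the post above can also be pulled from the HijackThis log mechanically. This is an added example, not part of the original thread and not HijackThis's own logic: a Python triage of the O4 and O23 lines from post #1, where the function names and the heuristics (bare filename, several persistence locations, unknown owner, missing file) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# O4/O23 lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
"""

# Registry autoruns: "O4 - <hive>\..\<key>: [value name] command line"
O4_REG = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Services: "O23 - Service: display (short name) - owner - image path"
O23 = re.compile(r"^O23 - Service: (?P<display>.+?) \((?P<svc>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
# File name of the first .exe in a command line, without its directory.
EXE = re.compile(r'([^\\/"]+\.exe)', re.IGNORECASE)


def parse(log):
    """Return (autoruns, services) from O4 registry lines and O23 lines."""
    autoruns, services = [], []
    for line in log.splitlines():
        line = line.strip()
        m = O4_REG.match(line)
        if m:
            exe = EXE.search(m["cmd"])
            if exe:
                # "bare" = nothing but quotes/spaces precedes the file name,
                # so the entry relies on the search path to find the binary.
                bare = m["cmd"][:exe.start()].strip('" ') == ""
                autoruns.append({"where": m["key"], "exe": exe.group(1).lower(), "bare": bare})
            continue
        m = O23.match(line)
        if m:
            exe = EXE.search(m["path"])
            services.append({
                "svc": m["svc"],
                "owner": m["owner"],
                "exe": exe.group(1).lower() if exe else None,
                "missing": m["path"].endswith("(file missing)"),
            })
        # Other line types (O4 startup-folder shortcuts, R0, O16, ...) are skipped.
    return autoruns, services


def triage(log):
    """Map executable name -> list of reasons it deserves a manual look."""
    autoruns, services = parse(log)
    places = defaultdict(set)
    for a in autoruns:
        places[a["exe"]].add(a["where"])
    for s in services:
        if s["exe"]:
            places[s["exe"]].add("service:" + s["svc"])
    findings = {}
    for exe, where in places.items():
        reasons = []
        if any(a["bare"] for a in autoruns if a["exe"] == exe):
            reasons.append("autorun without a full path")
        if len(where) > 1:
            reasons.append("registered in %d persistence locations" % len(where))
        for s in services:
            if s["exe"] == exe and s["owner"] == "Unknown owner":
                reasons.append("service %s has unknown owner" % s["svc"])
            if s["exe"] == exe and s["missing"]:
                reasons.append("service %s points at a missing file" % s["svc"])
        if reasons:
            findings[exe] = reasons
    return findings


if __name__ == "__main__":
    for exe, reasons in triage(SAMPLE_LOG).items():
        print(exe, "->", "; ".join(reasons))
```

The bare-filename rule also reports LTMSG.exe, which is not among the entries selected for fixing in the post above, so the output is a list of candidates to review by hand rather than a verdict.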


#3 ktownkatman (Member, Topic Starter, 168 posts)
ok just a minute

#4 ktownkatman (Member, Topic Starter, 168 posts)
HJT won't run; it comes up then pops away a millisecond later.

#5 ktownkatman (Member, Topic Starter, 168 posts)
And it won't let me download the one thing. I'm scanning with Panda now.

#6 ktownkatman (Member, Topic Starter, 168 posts)
OK, never mind those last 2 posts. I got it to work, deleted ntlogin32 and libsys32. WinPFind:

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Current Build Number: 2600
Internet Explorer Version: 6.0.2600.0000

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 6/25/2002 7:04:02 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 6/25/2002 7:22:50 PM 630784 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 6/25/2002 7:31:52 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/4/2005 2:08:32 PM S 2048 C:\WINDOWS\bootstat.dat
8/19/2005 9:13:54 AM RH 749 C:\WINDOWS\WindowsShell.Manifest
8/19/2005 9:14:04 AM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
8/19/2005 9:15:14 AM HS 67 C:\WINDOWS\Fonts\desktop.ini
8/19/2005 9:27:24 AM H 0 C:\WINDOWS\inf\oem0.inf
8/19/2005 12:13:32 PM H 0 C:\WINDOWS\inf\oem1.inf
8/19/2005 9:33:16 AM H 0 C:\WINDOWS\LastGood\INF\codecs10.inf
8/19/2005 9:33:16 AM H 0 C:\WINDOWS\LastGood\INF\codecs10.PNF
8/19/2005 9:33:12 AM H 0 C:\WINDOWS\LastGood\INF\DRM10.inf
8/19/2005 9:33:12 AM H 0 C:\WINDOWS\LastGood\INF\DRM10.PNF
8/19/2005 5:51:54 PM H 0 C:\WINDOWS\LastGood\INF\dxbda.inf
8/19/2005 5:51:54 PM H 0 C:\WINDOWS\LastGood\INF\dxbda.PNF
8/19/2005 5:51:54 PM H 0 C:\WINDOWS\LastGood\INF\dxdllreg.inf
8/19/2005 5:51:54 PM H 0 C:\WINDOWS\LastGood\INF\dxdllreg.PNF
8/19/2005 5:51:18 PM H 0 C:\WINDOWS\LastGood\INF\dxxp.inf
8/19/2005 5:51:18 PM H 0 C:\WINDOWS\LastGood\INF\dxxp.PNF
8/19/2005 9:27:08 AM H 0 C:\WINDOWS\LastGood\INF\java.inf
8/19/2005 9:27:08 AM H 0 C:\WINDOWS\LastGood\INF\java.PNF
8/19/2005 9:34:06 AM H 0 C:\WINDOWS\LastGood\INF\MPCD10.inf
8/19/2005 9:34:06 AM H 0 C:\WINDOWS\LastGood\INF\MPCD10.PNF
8/19/2005 9:33:10 AM H 0 C:\WINDOWS\LastGood\INF\MPPRE10.inf
8/19/2005 9:33:10 AM H 0 C:\WINDOWS\LastGood\INF\MPPRE10.PNF
8/19/2005 9:34:10 AM H 0 C:\WINDOWS\LastGood\INF\MPSTUB10.inf
8/19/2005 9:34:10 AM H 0 C:\WINDOWS\LastGood\INF\MPSTUB10.PNF
8/19/2005 9:27:04 AM H 0 C:\WINDOWS\LastGood\INF\oem0.inf
8/19/2005 9:27:04 AM H 0 C:\WINDOWS\LastGood\INF\oem0.PNF
8/19/2005 12:13:32 PM H 0 C:\WINDOWS\LastGood\INF\oem1.inf
8/19/2005 12:13:32 PM H 0 C:\WINDOWS\LastGood\INF\oem1.PNF
8/19/2005 12:22:58 PM H 0 C:\WINDOWS\LastGood\INF\oem2.inf
8/19/2005 12:22:58 PM H 0 C:\WINDOWS\LastGood\INF\oem2.PNF
8/19/2005 2:11:24 PM H 0 C:\WINDOWS\LastGood\INF\oem3.inf
8/19/2005 2:11:24 PM H 0 C:\WINDOWS\LastGood\INF\oem3.PNF
9/3/2005 10:22:14 PM H 0 C:\WINDOWS\LastGood\INF\oem4.inf
9/3/2005 10:22:14 PM H 0 C:\WINDOWS\LastGood\INF\oem4.PNF
8/19/2005 9:33:28 AM H 0 C:\WINDOWS\LastGood\INF\WMDM10.inf
8/19/2005 9:33:28 AM H 0 C:\WINDOWS\LastGood\INF\WMDM10.PNF
8/19/2005 9:33:18 AM H 0 C:\WINDOWS\LastGood\INF\WMFSDK10.inf
8/19/2005 9:33:18 AM H 0 C:\WINDOWS\LastGood\INF\WMFSDK10.PNF
8/19/2005 9:33:46 AM H 0 C:\WINDOWS\LastGood\INF\WMP10.inf
8/19/2005 9:33:46 AM H 0 C:\WINDOWS\LastGood\INF\WMP10.PNF
8/19/2005 9:34:12 AM H 0 C:\WINDOWS\LastGood\INF\WMSET10.inf
8/19/2005 9:34:12 AM H 0 C:\WINDOWS\LastGood\INF\WMSET10.PNF
8/19/2005 9:33:32 AM H 0 C:\WINDOWS\LastGood\INF\WPD10.inf
8/19/2005 9:33:32 AM H 0 C:\WINDOWS\LastGood\INF\WPD10.PNF
8/19/2005 9:33:34 AM H 0 C:\WINDOWS\LastGood\INF\wpdmtp.inf
8/19/2005 9:33:34 AM H 0 C:\WINDOWS\LastGood\INF\wpdmtp.PNF
8/19/2005 9:16:04 AM H 0 C:\WINDOWS\LastGood.Tmp\INF\oem0.inf
8/19/2005 9:16:04 AM H 0 C:\WINDOWS\LastGood.Tmp\INF\oem0.PNF
8/19/2005 9:14:04 AM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
8/19/2005 9:14:36 AM RHS 242478 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_1.cab
8/19/2005 9:14:36 AM RHS 19959 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_2.cab
8/19/2005 9:14:36 AM RHS 727 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_3.cab
8/19/2005 9:17:08 AM H 237568 C:\WINDOWS\repair\ntuser.dat
8/19/2005 9:13:54 AM RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
8/19/2005 9:14:04 AM RH 488 C:\WINDOWS\system32\logonui.exe.manifest
8/19/2005 9:13:54 AM RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
8/19/2005 9:13:54 AM RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
8/19/2005 9:13:54 AM RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
8/19/2005 9:14:04 AM RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
8/19/2005 9:13:54 AM RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
9/4/2005 2:09:54 PM H 1024 C:\WINDOWS\system32\config\default.LOG
9/4/2005 2:08:40 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
9/4/2005 2:18:44 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
9/4/2005 3:01:38 PM H 1024 C:\WINDOWS\system32\config\software.LOG
9/4/2005 2:54:44 PM H 1024 C:\WINDOWS\system32\config\system.LOG
8/19/2005 8:46:54 AM H 1024 C:\WINDOWS\system32\config\TempKey.LOG
8/19/2005 8:46:56 AM H 1024 C:\WINDOWS\system32\config\userdiff.LOG
9/3/2005 10:10:20 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
8/19/2005 8:48:18 AM HS 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
8/19/2005 8:48:18 AM HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
8/19/2005 9:14:38 AM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
8/19/2005 9:14:38 AM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
8/19/2005 9:14:38 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
8/19/2005 9:14:38 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
8/19/2005 9:14:38 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01QVO52Z\desktop.ini
8/19/2005 9:14:38 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8HQJSTE3\desktop.ini
8/19/2005 9:14:38 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XQNO5YJ\desktop.ini
8/19/2005 9:14:38 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HAH28QLK\desktop.ini
8/19/2005 9:14:08 AM HS 181 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
8/19/2005 8:48:18 AM HS 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
8/19/2005 9:16:00 AM HS 206 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
8/19/2005 9:16:00 AM HS 482 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
8/19/2005 9:16:00 AM HS 348 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
8/19/2005 9:16:00 AM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
8/19/2005 9:16:00 AM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
8/19/2005 5:23:50 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\8db60e95-1af9-4d85-9b39-d44fcdfb6102
8/19/2005 5:23:50 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
8/19/2005 12:13:36 PM RHS 13695 C:\WINDOWS\system32\Restore\filelist.xml
9/4/2005 2:08:38 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 6/25/2002 2:58:36 PM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 6/25/2002 6:59:14 PM 558592 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 6/25/2002 7:03:58 PM 130048 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 6/25/2002 7:07:14 PM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 6/25/2002 7:08:34 PM 294912 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 6/25/2002 7:08:46 PM 119808 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/29/2002 3:41:00 AM 208896 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 3:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 6/25/2002 7:12:24 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 6/25/2002 7:14:00 PM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 6/25/2002 7:17:28 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 6/25/2002 7:19:54 PM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 6/25/2002 7:19:58 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 6/25/2002 7:20:10 PM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 6/25/2002 7:21:38 PM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 6/25/2002 7:28:16 PM 270848 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 6/25/2002 7:28:52 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 6/25/2002 7:29:04 PM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 6/25/2002 2:58:36 PM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 6/25/2002 6:59:14 PM 558592 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 6/25/2002 3:03:58 PM 130048 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 6/25/2002 7:07:14 PM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 6/25/2002 7:08:34 PM 294912 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 6/25/2002 7:08:46 PM 119808 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/29/2002 3:41:00 AM 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 6/25/2002 7:12:24 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 6/25/2002 7:14:00 PM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 6/25/2002 7:17:28 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 6/25/2002 7:19:54 PM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 6/25/2002 7:19:58 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 6/25/2002 7:20:10 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 6/25/2002 7:21:38 PM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 6/25/2002 7:24:04 PM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 6/25/2002 7:28:16 PM 270848 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 6/25/2002 7:28:52 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 6/25/2002 7:29:04 PM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/19/2005 9:16:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
8/19/2005 11:58:24 AM 1385 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Internet Answering Machine.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/19/2005 8:48:18 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
8/19/2005 9:16:00 AM HS 84 C:\Documents and Settings\Andy H\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
8/19/2005 8:48:18 AM HS 62 C:\Documents and Settings\Andy H\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LTMSG LTMSG.exe 7
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.5 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/4/2005 3:06:00 PM

#7 Wizard (Retired Staff, 5,661 posts)
According to what all the other helpers here are telling me!

This isn't a legit copy of Windows, which would explain why there isn't an Update!

There isn't anything else I can do to help you until the System shows Updates to SP2!

#8 ktownkatman (Member, Topic Starter, 168 posts)
Ok listen: Post edited by Mod.. Name calling is NOT an accepted practise here !! I just had a virus that wouldn't let me do the ActiveX. Now can you read my log?

Also, you have admitted via PM that you used a Restore CD that you got from Dell for your Dell system to upgrade a different system to XP.. That is illegal as the Restore CD goes with the original system - the Dell..