Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

expdvd.dll


  • Please log in to reply

#106
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
ok, give me a minute.
  • 0

Advertisements


#107
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 1/8/2005 5:30:04 PM 162885 C:\WINDOWS\tsc.exe
PECompact2 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
qoologic 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
SAHAgent 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
UPX! 1/8/2005 5:30:04 PM 1036800 C:\WINDOWS\vsapi32.dll
aspack 1/8/2005 5:30:04 PM 1036800 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX! 3/10/2005 10:48:10 AM 269312 C:\WINDOWS\SYSTEM32\devil.dll
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 9/8/2005 9:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 9:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts
127.0.0.1 download1.shopathomeselect.com #[ADW_SAHAGENT.A]
127.0.0.1 www.shopathomeselect.com #[Adware.SAHAgent]
127.0.0.1 web-nexus.net #[Adw.Web-Nexus.WebNexusAdServer]
127.0.0.1 dl.web-nexus.net #[eTrust.Win32.Qoologic]
127.0.0.1 dl.web-nexus.net #[eTrust.Win32.Qoologic]
127.0.0.1 stech.web-nexus.net
127.0.0.1 www.web-nexus.net
127.0.0.1 agentq.vpptechnologies.com
127.0.0.1 main.vpptechnologies.com #[IE-SpyAd]
127.0.0.1 media-0.vpptechnologies.com
127.0.0.1 media-1.vpptechnologies.com
127.0.0.1 media-4.vpptechnologies.com
127.0.0.1 media-5.vpptechnologies.com
127.0.0.1 media-6.vpptechnologies.com
127.0.0.1 media-a.vpptechnologies.com
127.0.0.1 media-b.vpptechnologies.com
127.0.0.1 media-c.vpptechnologies.com
127.0.0.1 media-d.vpptechnologies.com
127.0.0.1 media-e.vpptechnologies.com
127.0.0.1 media-f.vpptechnologies.com
127.0.0.1 msxml.vpptechnologies.com
127.0.0.1 static.vpptechnologies.com #[hotsearchbar.com]
127.0.0.1 thumbs.vpptechnologies.com
127.0.0.1 xml.vpptechnologies.com #[BlazeFind]
127.0.0.1 ad-w-a-r-e.com #[Win32.Canbede]
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 abetterinternet.com #[Downloader.Stubby.A]
127.0.0.1 belt.abetterinternet.com
127.0.0.1 c.abetterinternet.com #[Adware-BetterInet application]
127.0.0.1 download.abetterinternet.com #[Adware.StopPopupAdsNow]
127.0.0.1 download2.abetterinternet.com #[Parasite.Transponder]
127.0.0.1 s.abetterinternet.com
127.0.0.1 st.abetterinternet.com
127.0.0.1 static.abetterinternet.com
127.0.0.1 thinstall.abetterinternet.com
127.0.0.1 www.abetterinternet.com #[Trojan-Downloader.Win32.Stubby.d]


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/9/2005 4:32:46 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
10/9/2005 4:32:34 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
10/9/2005 4:33:04 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
10/9/2005 4:32:48 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
10/9/2005 4:34:08 PM H 69632 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
10/9/2005 4:32:46 PM H 921600 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
10/2/2005 10:30:46 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
9/25/2005 9:23:06 PM S 558 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
9/25/2005 9:23:06 PM S 144 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0XUJ45QJ\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JWM5LXBL\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SPMZ41QB\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WTU7K167\desktop.ini
9/27/2005 1:49:14 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\2003e0b3-decd-4738-99f9-a4d8ea285ec9
9/27/2005 1:49:14 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
10/9/2005 4:00:02 PM H 248 C:\WINDOWS\Tasks\AF392B239196A2CB.job
10/9/2005 4:30:20 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 5/8/2003 8:25:18 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
9/18/2003 4:18:00 AM R 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 1/23/2005 10:33:44 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 3/17/2004 7:39:38 AM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 3/12/2004 4:53:44 PM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 2/10/2004 11:53:24 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
1/8/2005 3:58:44 PM 715 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
5/23/2005 3:07:38 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\Laurie Eckerty\Start Menu\Programs\Startup\DESKTOP.INI
2/23/2005 3:13:22 PM 676 C:\Documents and Settings\Laurie Eckerty\Start Menu\Programs\Startup\Webshots.lnk

Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\Laurie Eckerty\Application Data\DESKTOP.INI
3/28/2004 5:50:28 PM 0 C:\Documents and Settings\Laurie Eckerty\Application Data\dm.ini
11/19/2004 8:10:10 PM 59448 C:\Documents and Settings\Laurie Eckerty\Application Data\GDIPFONTCACHEV1.DAT
10/5/2005 10:24:58 AM 29248 C:\Documents and Settings\Laurie Eckerty\Application Data\wklnhst.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\WINDOWS\Downloaded Program Files\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Web assistant : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
IntelMeM C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe
DVDSentry C:\WINDOWS\System32\DSentry.exe
PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
URLLSTCK.exe C:\Program Files\Norton Internet Security\UrlLstCk.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Dell AIO Printer A940 "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/9/2005 4:39:30 PM
  • 0

#108
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
on options in security center, privacy is on medium setting. do you think norton isn't working?
  • 0

#109
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
would windows media connect have any effect on anything?
  • 0

#110
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Allright,I dont think this file has any buisness on the PC

C:\Documents and Settings\Laurie Eckerty\Application Data\wklnhst.dat

You can delete it and just leve it sit in the recycle bin until the next reboot!

If you dont get any errors during the next boot cycle,then the recycle bin can be emptied!

And key.txt is no where to be found?

Please make sure you Copied all the bold text into the open Run Box!

regedit /e c:\key.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center"

Try once More,I really need to see the output!
  • 0

#111
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
let me make sure i'm doing this right. i highlight the bold print sentence, right click, copy, press start, run, paste, then ok.

if all that was correct, then no, i don't see any text on my desktop
  • 0

#112
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
what is this lexpps.exe? it shows it was modified this october
  • 0

#113
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
i have the install disc for norton security and antivirus. do you think i should uninstall, and reinstall anything?

we are going to my parents for dinner in an hour. i plan on drinking wine. i can't make any promises after that. if you think i am having trouble following directions now.......or it could go the other way?
  • 0

#114
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
It wont be on the Desktop it will be here

C:\key.txt

Click Start-> My Computer-> Local Disk(C:)

There you should see key.txt


what is this lexpps.exe?
http://www.liutiliti...library/lexpps/
  • 0

#115
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
  • 0

Advertisements


#116
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Excellent,saw the problem I thought would be there!

Thanks for being so persistant and hangin with me through all this!

Copy the text below into a blank notepad page and Save it to the desktop as Fix.reg


REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000


Restart and lets see how we did!

Delete C:\key.txt so we dont get confused and I can be sure this will be an accurate export of that entry!

Click Start-> Run-> Copy&Paste the bold text below into the open Run box and click OK!

regedit /e c:\key.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center"


Post back the contents of C:\key.txt
  • 0

#117
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
  • 0

#118
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Good Deal!

How is StartUp now?
  • 0

#119
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
still slow on startup, but the last couple times, havn't had any error message from security center
  • 0

#120
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK,now we have something to work with!

I want you to go to Msconfig and disable anything there that you dont need at Startup!

Once in Msconfig-> Click the tab labeled "Startup"

Look at all the entries there with a check by them!

Most are undeed at startup!

I have only the Antivirus Software entries checked in mine!

You will have to tinker with it until you have reduced the entries to a bare minimum!


Post back with a fresh HijackThis log and let me know how it goes?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP