
Iexplore Will Not Start


11 replies to this topic

#1 shaggy98


Posted 12 December 2005 - 11:44 PM

Hi,
When I try to open up Internet Explorer I get the following error and IE will NOT open:

Application popup: IEXPLORE.EXE - Application Error : The application failed to initialize properly (0xc0000005). Click on OK to terminate the application.

The same issue was logged in the below Forum: I have read it and learned how to fix the problem, however, with the fix provided it diverts me back to Internet Explorer version 5. That is NOT documented in the thread. So, basically my problem is, I would like Internet Explorer 6 to function again. For some reason 6 does not work, but if I go back to version 5 it does work. Can someone PLEASE HELP!...I have a HijackThis log below. I have followed the steps in the topic below, but I want to know if there is a fix to get IE 6 to work...Thanks in advance, I appreciate any help,


http://www.bleepingcomputer.com/forums/t/19135/cannot-start-ie/

HiJack This! Log

Logfile of HijackThis v1.99.1
Scan saved at 8:35:50 PM, on 12/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\SYSTEM32\SERVICES.EXE
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\SYSTEM32\SPOOLSV.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\PCCTLCOM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
C:\PROGRA~1\TRENDM~1\INTERN~4\TMPFW.EXE
C:\WINNT\EXPLORER.EXE
C:\PROGRA~1\TRENDM~1\INTERN~4\PccGuide.exe
C:\WINNT\system32\pctspk.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\KMaestro\KMaestro.exe
C:\MMaestro\BWheel35.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\WEBSHOTS\WEBSHOTS.SCR
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\TMPROXY.EXE
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Steven M. Sturn\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SIMPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10*;10.*;*.chlweb.net;*.ten-net.net;172.17.*;172.18.2*;172.18.12.*;63.166.*;63.167.*;*.cwinsider.com;*.countrywide.com;*.cwbc.com;*.dynamicdox.com;*.ukvaluation.com;
R3 - URLSearchHook: (no name) - _{44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ElnkScamBHO Class - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122644654390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124257511843
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/Tra...ransferCtrl.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya5.0\docs/Wrapper.conf (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~4\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~4\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\tmproxy.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



#2 Guest_Cretemonster_*


Posted 15 December 2005 - 07:06 AM

Hi shaggy98 and Welcome to the Bleeping Computer!

Unless you use this computer for debugging purposes, let's disable the Machine Debug Manager.


Click Start-> Run-> Type in Services.msc and Click OK

Scroll that list and locate this entry

Machine Debug Manager (MDM)

Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled

Click Apply-> OK and Exit the Services Page


Did you notice this problem before installing all the EarthLink Software?


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart


Restart Normal and Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"


Post back with a fresh HijackThis log and the reports from WinPFind and Blacklight.

#3 shaggy98


Posted 16 December 2005 - 09:25 PM

Hi Cretemonster,
Thanks for the response...Here are my findings:

I turned off (MDM) per your request. It was probably just on because I am a nerd and have Visual Studio on my computer...

The Earthlink Software and junk from my cable modem provider should be irrelevant, because I have had that on my computer a while now with no problem. It stopped working after I got a Javascript-like pop-up on some obscure website when surfing the net. I believe it prompted me to put in my name, so I hit the [X] twice and I.E. crashed with that message I stated before and now I cannot reopen...But that is just the background info.

OK...I ran WinPFind, but I cannot or do not know how to Run MSCONFIG...This is a Win2K machine, not an XP...I should have stated that initially, my bad...Regardless, when I booted back up in Normal Mode I ran Blacklight without any errors...Not sure what you mean by "leave [X]scan through Windows Explorer checked". I did not have any option for this checkbox.

I appreciate your help once again...Here are the log files:

WinPFind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 3/18/2003 8:05:50 PM 2052096 C:\WINNT\SYSTEM32\atl71.pdb
UPX! 7/4/2000 12:51:12 AM 86528 C:\WINNT\SYSTEM32\lame_enc.dll
PTech 7/12/2005 6:04:22 PM 520456 C:\WINNT\SYSTEM32\LegitCheckControl.dll
PEC2 3/18/2003 10:20:02 PM 10357760 C:\WINNT\SYSTEM32\mfc71.pdb
PEC2 3/18/2003 9:28:40 PM 8252416 C:\WINNT\SYSTEM32\MFC71d.pdb
PEC2 3/18/2003 10:12:14 PM 10333184 C:\WINNT\SYSTEM32\mfc71u.pdb
PEC2 3/18/2003 9:31:58 PM 8293376 C:\WINNT\SYSTEM32\mfc71ud.pdb
PECompact2 12/8/2005 4:20:26 PM 2714976 C:\WINNT\SYSTEM32\MRT.exe
aspack 12/8/2005 4:20:26 PM 2714976 C:\WINNT\SYSTEM32\MRT.exe
Umonitor 1/12/2005 11:39:46 AM 531216 C:\WINNT\SYSTEM32\RASDLG.DLL
winsync 12/7/1999 4:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 11/9/2005 8:07:30 PM 1022432 C:\WINNT\SYSTEM32\drivers\VsapiNT.sys
aspack 11/9/2005 8:07:30 PM 1022432 C:\WINNT\SYSTEM32\drivers\VsapiNT.sys

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/12/2005 7:42:54 AM H 54156 C:\WINNT\QTFont.qfn
11/14/2005 12:36:58 AM RH 0 C:\WINNT\assembly\PublisherPolicy.tme
11/14/2005 12:36:58 AM RH 0 C:\WINNT\assembly\pubpol1.dat
11/14/2005 12:43:12 AM RH 0 C:\WINNT\assembly\NativeImages_v2.0.50727_32\index1b.dat
11/14/2005 12:43:14 AM RH 0 C:\WINNT\assembly\NativeImages_v2.0.50727_32\index1c.dat
12/16/2005 5:35:56 PM S 64 C:\WINNT\CSC\00000001
12/9/2005 5:09:12 PM S 64 C:\WINNT\CSC\00000002
12/8/2005 5:45:12 PM S 64 C:\WINNT\CSC\csc1.tmp
12/12/2005 7:14:32 PM H 65 C:\WINNT\Downloaded Program Files\desktop.ini
11/1/2005 5:24:56 AM H 0 C:\WINNT\inf\oem44.inf
11/19/2005 8:57:44 AM H 0 C:\WINNT\inf\oem45.inf
12/12/2005 7:14:32 PM H 65 C:\WINNT\Offline Web Pages\desktop.ini
12/13/2005 9:03:42 PM H 1024 C:\WINNT\system32\config\default.LOG
12/16/2005 5:39:48 PM H 1024 C:\WINNT\system32\config\SAM.LOG
12/16/2005 5:37:24 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG
12/16/2005 5:43:18 PM H 1024 C:\WINNT\system32\config\software.LOG
10/31/2005 5:36:00 PM HS 336 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\8af65856-d4e0-4e4f-9e74-a33327cb55cb
10/31/2005 5:36:00 PM HS 24 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\Preferred
12/16/2005 5:35:58 PM H 6 C:\WINNT\Tasks\SA.DAT
12/12/2005 8:46:18 PM HS 113 C:\WINNT\Temp\History\History.IE5\desktop.ini
12/12/2005 8:46:18 PM HS 67 C:\WINNT\Temp\Temporary Internet Files\Content.IE5\desktop.ini
12/12/2005 8:46:18 PM HS 67 C:\WINNT\Temp\Temporary Internet Files\Content.IE5\09EB0L27\desktop.ini
12/12/2005 8:46:18 PM HS 67 C:\WINNT\Temp\Temporary Internet Files\Content.IE5\0DTCML4S\desktop.ini
12/12/2005 8:46:18 PM HS 67 C:\WINNT\Temp\Temporary Internet Files\Content.IE5\81EJ05Q3\desktop.ini
12/12/2005 8:46:18 PM HS 67 C:\WINNT\Temp\Temporary Internet Files\Content.IE5\OP23892N\desktop.ini
12/12/2005 7:14:36 PM H 11083 C:\WINNT\Web\ftp.htt

Checking for CPL files...
Microsoft Corporation 12/7/1999 4:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl
Avance Logic, Inc. 7/21/2002 10:28:00 PM 973824 C:\WINNT\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 6/19/2003 11:05:04 AM 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 6/19/2003 11:05:04 AM 237328 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 12/7/1999 4:00:00 AM 31504 C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 10/30/2001 8:10:00 AM 326144 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 2:52:54 AM 49265 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
NVIDIA Corporation 10/6/2003 2:16:00 PM 73728 C:\WINNT\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 8/26/2002 11:11:40 AM 36864 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 6/19/2003 11:05:04 AM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 4/8/2004 3:12:46 PM 323072 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 6/19/2003 11:05:04 AM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 6/19/2003 11:05:04 AM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 12/7/1999 4:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl
WildTangent, Inc. 9/23/2003 6:48:48 PM 45056 C:\WINNT\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 1/12/2005 11:40:00 AM 64784 C:\WINNT\SYSTEM32\dllcache\msmq.cpl
IBM Corporation 9/23/1999 5:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/26/2002 11:11:40 AM 36864 C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
Avance Logic, Inc. 7/21/2002 10:28:00 PM R 973824 C:\WINNT\SYSTEM32\drivers\ALSndMgr.cpl
Avance Logic, Inc. 7/21/2002 10:28:00 PM 973824 C:\WINNT\SYSTEM32\ReinstallBackups\PCI#VEN_1106&DEV_3059&SUBSYS_80951043&REV_50#3&61AAA01&0&8D\0000\DriverFiles\ALSNDMGR.CPL

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
12/22/2004 5:28:48 PM 1731 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
11/20/2005 10:31:00 AM 1585 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
10/16/2003 6:28:52 AM 1572 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
10/17/2005 5:14:44 PM 672 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
4/26/2005 5:20:28 AM 551 C:\Documents and Settings\Steven M. Sturn\Start Menu\Programs\Startup\Webshots.lnk

Checking files in %USERPROFILE%\Application Data folder...
6/3/2005 7:48:10 PM 0 C:\Documents and Settings\Steven M. Sturn\Application Data\dm.ini
4/12/2005 4:20:52 PM 24800 C:\Documents and Settings\Steven M. Sturn\Application Data\GDIPFONTCACHEV1.DAT

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SnagItMainShellExt
{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NetWareUNCMenu
{e3f2bac0-099f-11cf-8daa-00aa004a5691} = nwprovau.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SnagItMainShellExt
{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}
HelperObject Class = C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{029CA12C-89C1-46a7-A3C7-82F2F98635CB}
ZIBho Class = C:\Program Files\Kontiki\bin\bh304181.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15F4D456-5BAA-4076-8486-EECB38CD3E57}
ElnkScamBHO Class = C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}
ElnkPubBHO Class = C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66252F33-BE30-4188-9199-63F2AC8BA137}
ElnkScamBHO Class = C:\Program Files\EarthLink TotalAccess\EScamBlk.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}
ElnkProtectionBHO Class = C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}
ElnkLegacyUninstBHO Class = C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINNT\System32\msdxm.ocx
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} = SnagIt : C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
{C7768536-96F8-4001-B1A2-90EE21279187} = EarthLink Toolbar : C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{71ED4FBA-4024-4BBE-91DC-9704C93F453E} = :
{C7768536-96F8-4001-B1A2-90EE21279187} = EarthLink Toolbar : C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{014DA6C9-189F-421A-88CD-07CFE51CFF10} = :
{4064EA35-578D-4073-A834-C96D82CBCF40} = :
{71ED4FBA-4024-4BBE-91DC-9704C93F453E} = :
{D7F30B62-8269-41AF-9539-B2697FA7D77E} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :
{C7768536-96F8-4001-B1A2-90EE21279187} = EarthLink Toolbar : C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
{871F91FD-3A92-4988-A842-16AB2CFF5AF1} = :
{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager mobsync.exe /logon
NvCplDaemon RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
PCTVOICE pctspk.exe
PaperPort PTD c:\progra~1\scansoft\paperp~1\pptd40nt.exe
SetDefPrt C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
KeyMaestro C:\KMaestro\KMaestro.exe
LWBMOUSE C:\MMaestro\BWheel35.exe
RunDLL
ASUS Probe C:\Program Files\ASUS\Probe\AsusProb.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
DeadAIM rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
AnyDVD C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
RegistryMechanic
RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
pccguide.exe "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AIM C:\Program Files\AIM95\aim.exe -cnetwait.odl
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

SpySweeper
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
E6TaskPanel "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0
CDRAutoRun 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau
= nwprovau.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify
= PCANotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/16/2005 5:49:17 PM


Blacklight:

12/16/05 18:00:58 [Info]: BlackLight Engine 1.0.30 initialized
12/16/05 18:00:58 [Info]: OS: 5.0 build 2195 (Service Pack 4)
12/16/05 18:00:58 [Note]: 7019 4
12/16/05 18:00:58 [Note]: 7005 0
12/16/05 18:01:08 [Note]: 7006 0
12/16/05 18:01:08 [Note]: 7011 1564
12/16/05 18:01:08 [Note]: FSRAW library version 1.7.1014
12/16/05 18:03:42 [Note]: 7007 0


HiJackThis!:

Logfile of HijackThis v1.99.1
Scan saved at 6:07:16 PM, on 12/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\SYSTEM32\SERVICES.EXE
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\SYSTEM32\SPOOLSV.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINNT\System32\mnmsrvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\PCCTLCOM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~4\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
C:\PROGRA~1\TRENDM~1\INTERN~4\TMPFW.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\pctspk.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\KMaestro\KMaestro.exe
C:\MMaestro\BWheel35.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\PROGRA~1\WEBSHOTS\WEBSHOTS.SCR
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Documents and Settings\Steven M. Sturn\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SIMPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10*;10.*;*.chlweb.net;*.ten-net.net;172.17.*;172.18.2*;172.18.12.*;63.166.*;63.167.*;*.cwinsider.com;*.countrywide.com;*.cwbc.com;*.dynamicdox.com;*.ukvaluation.com;<local>
R3 - URLSearchHook: (no name) - _{44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ElnkScamBHO Class - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122644654390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124257511843
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/Tra...ransferCtrl.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya5.0\docs/Wrapper.conf (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~4\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~4\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~4\tmproxy.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



Thanks!

#4 Guest_Cretemonster_*

Posted 17 December 2005 - 05:50 AM

I'm not sure I fully understood what you meant about the Earthlink Software??

I need a closer look at your Run key in the registry.

Go to Start-> Run-> Type in cmd and Click OK.

Type in cd\ and hit enter

Copy and paste the command below into the command prompt window

REG QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s >C:\Reg.txt

Give it a minute to run.

Now go to your C drive and locate Reg.txt and post the contents of that notepad page in the next reply.

#5 shaggy98

Posted 19 December 2005 - 09:58 AM

Hi Cretemonster,

Not sure if I did this correctly, but it looks like what you wanted, I assume. BTW: I did not have the REG command recognized on my computer at first, not sure why, but I just got the REG.exe online and then it worked, so I am hoping this has all the info you wanted.

Oh yeah, about the Earthlink Software; You asked before if the problem with IE not starting happened before I installed Earthlink. I just meant that I have had Earthlink on my computer a while with No Ill Effect, so I am not thinking it had anything to do with Earthlink. Then I was just talking about what I thought caused IE to crash and not open...Probably some Malware caused by a javascript prompt is my guess...Thanks for the help...

Here is the REG QUERY:


Listing of [SOFTWARE\Microsoft\Windows\CurrentVersion\\Run]

REG_SZ Synchronization Manager mobsync.exe /logon
REG_SZ NvCplDaemon RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
REG_SZ nwiz nwiz.exe /install
REG_SZ PCTVOICE pctspk.exe
REG_SZ PaperPort PTD c:\progra~1\scansoft\paperp~1\pptd40nt.exe
REG_SZ SetDefPrt C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
REG_SZ KeyMaestro C:\KMaestro\KMaestro.exe
REG_SZ LWBMOUSE C:\MMaestro\BWheel35.exe
REG_SZ RunDLL
REG_SZ ASUS Probe C:\Program Files\ASUS\Probe\AsusProb.exe
REG_SZ QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
REG_SZ TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
REG_SZ SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
REG_SZ DeadAIM rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
REG_SZ ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
REG_SZ AnyDVD C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
REG_SZ RegistryMechanic
REG_SZ RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
REG_SZ pccguide.exe "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
[KeyMaestro]
REG_DWORD FirstRun 1
REG_DWORD RepeatFlag 0
REG_DWORD PowerEnable 1
REG_DWORD BTCplayEnable 1
[OptionalComponents]
[OptionalComponents\IMAIL]
REG_SZ Installed 1
[OptionalComponents\MAPI]
REG_SZ Installed 1
REG_SZ NoChange 1
[OptionalComponents\MSFS]
REG_SZ Installed 1
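
A way to cross-check the two views of the HKLM Run key posted in this thread (the HijackThis O4 lines and the REG QUERY listing), as an added example that is not part of any post. The pasted listing has no delimiter between value name and data, so the names from the O4 lines are used to split it; the sample lines are a subset copied from the logs above, and the function names and finding labels are hypothetical.

```python
import re

# Constructed samples: a subset of lines copied from the two logs in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
"""

REG_LISTING = r"""
Listing of [SOFTWARE\Microsoft\Windows\CurrentVersion\\Run]

REG_SZ Synchronization Manager mobsync.exe /logon
REG_SZ LWBMOUSE C:\MMaestro\BWheel35.exe
REG_SZ RunDLL
REG_SZ ASUS Probe C:\Program Files\ASUS\Probe\AsusProb.exe
REG_SZ AnyDVD C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
REG_SZ RegistryMechanic
REG_SZ RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[KeyMaestro]
REG_DWORD FirstRun 1
"""

# "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\]\s*(.*)$")
# "REG_SZ <name> <data>" with name and data run together by whitespace
VALUE_RE = re.compile(r"^(REG_SZ|REG_EXPAND_SZ)\s+(.*\S)\s*$")


def parse_hjt_o4(log, hive="HKLM", key="Run"):
    """Map lower-cased value name -> command for one hive/key from O4 lines."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m and m.group(1) == hive and m.group(2) == key:
            entries[m.group(3).lower()] = m.group(4).strip()
    return entries


def parse_reg_listing(listing, known_names):
    """Return (name, data, known) rows for values directly under the Run key.

    Names may contain spaces, so each row is split by matching the longest
    known name; rows that match none are returned unsplit with data=None.
    """
    names = sorted(known_names, key=len, reverse=True)
    rows = []
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("["):
            break  # first subkey header: values below it are not autostarts
        m = VALUE_RE.match(line)
        if not m:
            continue
        rest = m.group(2)
        low = rest.lower()
        for n in names:
            if low == n or low.startswith(n + " "):
                rows.append((rest[:len(n)], rest[len(n):].strip(), True))
                break
        else:
            rows.append((rest, None, False))
    return rows


def crosscheck(hjt_log, reg_listing):
    """List differences between the two views of HKLM\\...\\Run."""
    hjt = parse_hjt_o4(hjt_log)
    rows = parse_reg_listing(reg_listing, hjt.keys())
    findings = []
    for name, data, known in rows:
        if not known:
            # Assumption: a single token can only be a name with no data.
            kind = "empty-data" if " " not in name else "not-in-hijackthis"
            findings.append((kind, name))
        elif data != hjt[name.lower()]:
            findings.append(("command-differs", name))
    listed = {name.lower() for name, _, known in rows if known}
    for missing in sorted(set(hjt) - listed):
        findings.append(("only-in-hijackthis", missing))
    return findings


if __name__ == "__main__":
    for kind, name in crosscheck(HJT_LOG, REG_LISTING):
        print(f"{kind:20} {name}")
```

On the sample, the only differences are the two values that appear in the registry listing with no data and have no O4 line in the HijackThis log.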

#6 Guest_Cretemonster_*

Posted 20 December 2005 - 03:15 AM

Create a folder on your desktop called Sysclean.

Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.

Go to http://www.trendmicro.com/download/pattern.asp and download the Official Pattern Release for windows to your desktop.

This file will be called lptXXX.zip (XXX represents the version number)

Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.

Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

Open the sysclean-folder and double-click sysclean.com.
Check: Automatically clean or delete detected files.
Click scan.
When the scan is finished, select: 'view log'.
Copy and paste this log in your next reply.

#7 shaggy98

Posted 20 December 2005 - 08:53 AM

Hi Cretemonster,

Thank you so much for all the help. You know what, I actually have Trend Micro's PC-cillin on my computer, not sure why it didn't catch this, but sometimes when a virus is detected it has a slight lapse in time before it is quarantined and I think I clicked the bug too fast so it was not detected.

The good news is: I searched the forum and this seems like something rather new and a common occurrence all of a sudden...Here is a fix that seems to work and HAS worked for me! Thanks for the hard work.

FIX: from miekiemoes

http://www.bleepingcomputer.com/forums/ind...D=in&MSID=24172

#8 Guest_Cretemonster_*

Posted 20 December 2005 - 07:17 PM

That link is dead, but if you say it came from Mie, then OK by me!

Let's see a WinPFind log from Safe Mode; that Run key is still perturbing me.

#9 shaggy98

Posted 20 December 2005 - 09:23 PM

Hi Cretemonster,

Sorry about that, not sure what that link was I tried to send before. Here is the link to the other forum with the fix. I also found another one online, looks like this could be a newer problem just now infecting people.

Thanks

http://www.bleepingcomputer.com/forums/t/37312/internet-explorer-failed-to-initialize-error/

or

http://www.annoyances.org/exec/forum/win2000/1134439761

Here is my new WinPFind log

Thanks

WinPFind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 3/18/2003 8:05:50 PM 2052096 C:\WINNT\SYSTEM32\atl71.pdb
UPX! 7/4/2000 12:51:12 AM 86528 C:\WINNT\SYSTEM32\lame_enc.dll
PTech 7/12/2005 6:04:22 PM 520456 C:\WINNT\SYSTEM32\LegitCheckControl.dll
PEC2 3/18/2003 10:20:02 PM 10357760 C:\WINNT\SYSTEM32\mfc71.pdb
PEC2 3/18/2003 9:28:40 PM 8252416 C:\WINNT\SYSTEM32\MFC71d.pdb
PEC2 3/18/2003 10:12:14 PM 10333184 C:\WINNT\SYSTEM32\mfc71u.pdb
PEC2 3/18/2003 9:31:58 PM 8293376 C:\WINNT\SYSTEM32\mfc71ud.pdb
PECompact2 12/8/2005 4:20:26 PM 2714976 C:\WINNT\SYSTEM32\MRT.exe
aspack 12/8/2005 4:20:26 PM 2714976 C:\WINNT\SYSTEM32\MRT.exe
Umonitor 1/12/2005 11:39:46 AM 531216 C:\WINNT\SYSTEM32\RASDLG.DLL
winsync 12/7/1999 4:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 11/9/2005 8:07:30 PM 1022432 C:\WINNT\SYSTEM32\drivers\VsapiNT.sys
aspack 11/9/2005 8:07:30 PM 1022432 C:\WINNT\SYSTEM32\drivers\VsapiNT.sys

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/12/2005 7:42:54 AM H 54156 C:\WINNT\QTFont.qfn
12/20/2005 5:48:06 PM H 922076 C:\WINNT\ShellIconCache
11/14/2005 12:36:58 AM RH 0 C:\WINNT\assembly\PublisherPolicy.tme
11/14/2005 12:36:58 AM RH 0 C:\WINNT\assembly\pubpol1.dat
11/14/2005 12:43:12 AM RH 0 C:\WINNT\assembly\NativeImages_v2.0.50727_32\index1b.dat
11/14/2005 12:43:14 AM RH 0 C:\WINNT\assembly\NativeImages_v2.0.50727_32\index1c.dat
12/20/2005 5:48:14 PM S 64 C:\WINNT\CSC\00000001
12/19/2005 6:35:24 AM S 64 C:\WINNT\CSC\00000002
12/9/2005 5:09:12 PM S 64 C:\WINNT\CSC\csc1.tmp
12/12/2005 7:14:32 PM H 65 C:\WINNT\Downloaded Program Files\desktop.ini
11/1/2005 5:24:56 AM H 0 C:\WINNT\inf\oem44.inf
11/19/2005 8:57:44 AM H 0 C:\WINNT\inf\oem45.inf
12/12/2005 7:14:32 PM H 65 C:\WINNT\Offline Web Pages\desktop.ini
12/20/2005 5:41:32 AM H 1024 C:\WINNT\system32\config\default.LOG
12/20/2005 5:52:02 PM H 1024 C:\WINNT\system32\config\SAM.LOG
12/20/2005 5:49:38 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG
12/20/2005 5:55:58 PM H 1024 C:\WINNT\system32\config\software.LOG
10/31/2005 5:36:00 PM HS 336 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\8af65856-d4e0-4e4f-9e74-a33327cb55cb
10/31/2005 5:36:00 PM HS 24 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\Preferred
12/20/2005 5:48:14 PM H 6 C:\WINNT\Tasks\SA.DAT
12/12/2005 8:46:18 PM HS 113 C:\WINNT\Temp\History\History.IE5\desktop.ini
12/12/2005 8:46:18 PM HS 67 C:\WINNT\Temp\Temporary Internet Files\Content.IE5\desktop.ini
12/12/2005 8:46:18 PM HS 67 C:\WINNT\Temp\Temporary Internet Files\Content.IE5\09EB0L27\desktop.ini
12/12/2005 8:46:18 PM HS 67 C:\WINNT\Temp\Temporary Internet Files\Content.IE5\0DTCML4S\desktop.ini
12/12/2005 8:46:18 PM HS 67 C:\WINNT\Temp\Temporary Internet Files\Content.IE5\81EJ05Q3\desktop.ini
12/12/2005 8:46:18 PM HS 67 C:\WINNT\Temp\Temporary Internet Files\Content.IE5\OP23892N\desktop.ini
12/12/2005 7:14:36 PM H 11083 C:\WINNT\Web\ftp.htt

Checking for CPL files...
Microsoft Corporation 12/7/1999 4:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl
Avance Logic, Inc. 7/21/2002 10:28:00 PM 973824 C:\WINNT\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 6/19/2003 11:05:04 AM 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 6/19/2003 11:05:04 AM 237328 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 12/7/1999 4:00:00 AM 31504 C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 10/30/2001 8:10:00 AM 326144 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 2:52:54 AM 49265 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
NVIDIA Corporation 10/6/2003 2:16:00 PM 73728 C:\WINNT\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 8/26/2002 11:11:40 AM 36864 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 6/19/2003 11:05:04 AM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 4/8/2004 3:12:46 PM 323072 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 6/19/2003 11:05:04 AM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 6/19/2003 11:05:04 AM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 12/7/1999 4:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl
WildTangent, Inc. 9/23/2003 6:48:48 PM 45056 C:\WINNT\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 1/12/2005 11:40:00 AM 64784 C:\WINNT\SYSTEM32\dllcache\msmq.cpl
IBM Corporation 9/23/1999 5:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl
Microsoft Corporation 12/7/1999 4:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/26/2002 11:11:40 AM 36864 C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
Avance Logic, Inc. 7/21/2002 10:28:00 PM R 973824 C:\WINNT\SYSTEM32\drivers\ALSndMgr.cpl
Avance Logic, Inc. 7/21/2002 10:28:00 PM 973824 C:\WINNT\SYSTEM32\ReinstallBackups\PCI#VEN_1106&DEV_3059&SUBSYS_80951043&REV_50#3&61AAA01&0&8D\0000\DriverFiles\ALSNDMGR.CPL

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
12/22/2004 5:28:48 PM 1731 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
11/20/2005 10:31:00 AM 1585 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
12/20/2005 6:09:04 AM 1582 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
10/17/2005 5:14:44 PM 672 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
4/26/2005 5:20:28 AM 551 C:\Documents and Settings\Steven M. Sturn\Start Menu\Programs\Startup\Webshots.lnk

Checking files in %USERPROFILE%\Application Data folder...
6/3/2005 7:48:10 PM 0 C:\Documents and Settings\Steven M. Sturn\Application Data\dm.ini
4/12/2005 4:20:52 PM 24800 C:\Documents and Settings\Steven M. Sturn\Application Data\GDIPFONTCACHEV1.DAT

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SnagItMainShellExt
{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NetWareUNCMenu
{e3f2bac0-099f-11cf-8daa-00aa004a5691} = nwprovau.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SnagItMainShellExt
{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}
HelperObject Class = C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{029CA12C-89C1-46a7-A3C7-82F2F98635CB}
ZIBho Class = C:\Program Files\Kontiki\bin\bh304181.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15F4D456-5BAA-4076-8486-EECB38CD3E57}
ElnkScamBHO Class = C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}
ElnkPubBHO Class = C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66252F33-BE30-4188-9199-63F2AC8BA137}
ElnkScamBHO Class = C:\Program Files\EarthLink TotalAccess\EScamBlk.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}
ElnkProtectionBHO Class = C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}
ElnkLegacyUninstBHO Class = C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINNT\System32\msdxm.ocx
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} = SnagIt : C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
{C7768536-96F8-4001-B1A2-90EE21279187} = EarthLink Toolbar : C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{71ED4FBA-4024-4BBE-91DC-9704C93F453E} = :
{C7768536-96F8-4001-B1A2-90EE21279187} = EarthLink Toolbar : C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{014DA6C9-189F-421A-88CD-07CFE51CFF10} = :
{4064EA35-578D-4073-A834-C96D82CBCF40} = :
{71ED4FBA-4024-4BBE-91DC-9704C93F453E} = :
{D7F30B62-8269-41AF-9539-B2697FA7D77E} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :
{C7768536-96F8-4001-B1A2-90EE21279187} = EarthLink Toolbar : C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
{871F91FD-3A92-4988-A842-16AB2CFF5AF1} = :
{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager mobsync.exe /logon
NvCplDaemon RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
PCTVOICE pctspk.exe
PaperPort PTD c:\progra~1\scansoft\paperp~1\pptd40nt.exe
SetDefPrt C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
KeyMaestro C:\KMaestro\KMaestro.exe
LWBMOUSE C:\MMaestro\BWheel35.exe
RunDLL
ASUS Probe C:\Program Files\ASUS\Probe\AsusProb.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
DeadAIM rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
AnyDVD C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
RegistryMechanic
RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
pccguide.exe "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AIM C:\Program Files\AIM95\aim.exe -cnetwait.odl
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

SpySweeper
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
E6TaskPanel "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0
CDRAutoRun 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau
= nwprovau.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify
= PCANotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/20/2005 6:01:17 PM

#10 Guest_Cretemonster_*

Posted 21 December 2005 - 03:41 AM

Well, that RunDll entry under the actual Run key may be legit, but I haven't ever seen it listed like that.

If you like, navigate to this Key in the Registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Look in the Right Hand pane for the SubKey-> RunDll

See what kinda info is there such as the value or anything else?

#11 shaggy98

Posted 21 December 2005 - 08:55 AM

Hi Cretemonster,

RunDll shows a blank data value. It only shows Name : RunDll, Type: REG_SZ, Data: <nothing/blank/null>

Thanks
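
The check described in the two posts above (open the Run key, find the value, read its Name, Type and Data) can also be done from a prompt. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later, only reads the registry, and also covers the per-user Run key that appears in the log.

```powershell
# Added example: list every value under the per-machine and per-user Run keys
# and flag the ones whose data is empty, like the RunDll value discussed above.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

$report = foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }   # key does not exist on this machine

    foreach ($name in $key.GetValueNames()) {
        # Read the raw data so %SystemRoot% and similar variables are not expanded
        $data = $key.GetValue(
            $name, $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)

        [pscustomobject]@{
            Key   = $path
            Name  = if ($name -eq '') { '(Default)' } else { $name }
            Type  = $key.GetValueKind($name)          # e.g. String = REG_SZ
            Data  = $data
            Empty = [string]::IsNullOrWhiteSpace([string]$data)
        }
    }
}

# Full listing, then only the autostart values that have no command behind them
$report | Format-Table Key, Name, Type, Data -AutoSize -Wrap
$report | Where-Object Empty | Format-Table Key, Name, Type -AutoSize
```

A value that shows up in the second table has a name but no command, so nothing is launched from it at logon.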

#12 Guest_Cretemonster_*

Posted 21 December 2005 - 08:00 PM

What we will do is leave this thread open for a while and if a problem comes up in the next week or so, you can reply back and we will handle it from there.


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore



