Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Registry Problem, Spyware Problem, Hjk Log Here.


  • Please log in to reply
15 replies to this topic

#1 greatermeh

greatermeh

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 24 December 2005 - 05:33 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:31:37 PM, on 12/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\jules\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [btqgeok] C:\WINDOWS\system32\mgttker.exe r
O4 - HKLM\..\Run: [pejuog] C:\WINDOWS\system32\xhealb.exe r
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [miqegwi] C:\WINDOWS\miqegwi.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098277167703
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DCDA4A1-CC7E-4CE2-907A-B9C977CDD5F0}: NameServer = 206.47.244.12 207.47.244.12
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

i made antoher topic called ' Resgistry Problem? ' and phawgg told me to post here, ty for the help

BC AdBot (Login to Remove)

 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 24 December 2005 - 05:49 PM

Move HiJack off the desktop

Get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file and click UNZIP letting it extract to its default folder C:\Program FIles\HiJackThis, run it from there
================
Get all of these and/or verify you have the current versions

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html

MS AntiSpy - http://www.microsoft.com/downloads/details...&displaylang=en (XP and W2K only)

DownLoad them (they are free), install them, check each for their
definition updates
and then run MS AntiSpy (W2k/XP) and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize



Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 greatermeh

greatermeh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 24 December 2005 - 06:01 PM

ok, I got to go right now so I can't do all that but I will when I get back. thx for the help

#4 greatermeh

greatermeh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 26 December 2005 - 03:00 PM

ok, some problems
first I will state everything I did in the topic I made 'Registry Problem'

I use Windows XP Home, and about a week ago I noticed that Add-Watch had detected a 'registry error' (not a simple 'registry modification detected') when I first started up my computer (Intel Celeron).
Soon after, when I started up my comp, all the icons on the desktop had to be redirected, as well as all the programs and everything in the start menu, and in My Computer, so everything now has to be redirected, some things don't even work when they are redirected.
I noticed that this might be a good thing (?) because now when I run Ad-Aware, I always get 0 new spyware detected. Could my registry problem mean that Hackers and Spywares cant properly get into my comp?
Anyway, even if that is the case, I cant open things in the Control Panel, or in System Tools.

I just figured out that the only way to open files that I just Dl'ed (Hijack this ect..) is to make a shortcut, and then redirect the shortcut and now I have figured out that I cant open Hjk this if I put it in program files and make a shortcut (it won't do anything), rather the hijk this file must be on the desktop for me to open it.

Also, I dont know if it means anything but when I control alt delete theres the 'system idle process' thing in processes, which showed up once when my comp was filled with spyware and wouldnt even show any desktop items, or the start menu (I ran Ad-Aware and my comp was fine though) but now I don't think its a spyware problem, but what I know...
Also, Add-Watch doesnt start up either when I start my comp, nor do any of the programs that are exposed to show up on my toolbar, all I see on my toolbar is my internet and the volume control (which doesn't even work).
And it might be usefull to know that I see the message of 'Windows cannot open this file because it doesnt know what created it' 'what would you like to do?' -Use the Web service to find appropriate program or select the program from a list when I first log in to my windows.
Another thing is all the shortcuts and every single file that shows (the ones in the System tools folder dont show up) are seen as EXE files.
When I try to open WGA setup I get a error thats 'Comand line option syntax error.Type Command /? for help.' (maybe because of the shortcut I had to create?)
besides for WGA not working spybot works and spyware blaster works fine, but I havent installed the ewido security suite yet.

Thanks for the help!

Edited by greatermeh, 26 December 2005 - 03:05 PM.


#5 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 26 December 2005 - 03:20 PM

Run Ewido and then post a log

EXE FIX http://www.kellys-korner-xp.com/regs_edits/exefix.reg - save target as exe.reg and double click
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#6 greatermeh

greatermeh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 26 December 2005 - 04:12 PM

ewido wont work, I tried everything I did before but it wont do anything (create shortcut of file, open shortcut with 'ewidoguard' but nothing happens)
instead all the files that were exe files have changed into ewido setup files, and everything for some reason now autimaticaly opens with ewidosetup, its very strange cause this didnt happen with the other programs
I tried running my comp on safe mode but that didnt change anything

#7 greatermeh

greatermeh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 26 December 2005 - 04:15 PM

anyway heres my hijack this log, maybe that will help some

Logfile of HijackThis v1.99.1
Scan saved at 4:14:26 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jules\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [btqgeok] C:\WINDOWS\system32\mgttker.exe r
O4 - HKLM\..\Run: [pejuog] C:\WINDOWS\system32\xhealb.exe r
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [miqegwi] C:\WINDOWS\miqegwi.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098277167703
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DCDA4A1-CC7E-4CE2-907A-B9C977CDD5F0}: NameServer = 206.47.244.12 207.47.244.12
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

#8 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 26 December 2005 - 05:15 PM

Fix these with HJT – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [btqgeok] C:\WINDOWS\system32\mgttker.exe r

O4 - HKLM\..\Run: [pejuog] C:\WINDOWS\system32\xhealb.exe r

O4 - HKLM\..\Run: [miqegwi] C:\WINDOWS\miqegwi.EXE

O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe

O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"

O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\mgttker.exe
C:\WINDOWS\system32\xhealb.exe
C:\WINDOWS\miqegwi.EXE
C:\WINDOWS\system32\pshwr.exe
C:\Program Files\FCEngine
C:\Program Files\CMAPP

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 greatermeh

greatermeh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 26 December 2005 - 07:38 PM

Ok, heres what Killbox did

C:\WINDOWS\system32\mgttker.exe ----> file doesn't exist
C:\WINDOWS\system32\xhealb.exe ----> file doesn't exist
C:\WINDOWS\system32\pshwr.exe ----> file deleted
C:\WINDOWS\miqegwi.exe ----> file doesn't exist
C:\Program Files\FCEgine ----> file deleted
C:\Program Files\CMAPP ----> file doesn't exist

I deleted everything in TEMP and emptied recycle bin

rebooted comp on normal and here's my new log

Logfile of HijackThis v1.99.1
Scan saved at 7:46:51 PM, on 12/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\jules\Desktop\hijackthis\HijackThis.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098277167703
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

My comp still seems to have the same problem as before (I have to redirect all the files and shortcuts, and control panel and system tools wont work)
Note: you said close ie but I don't use ie, when I try to control alt delete and end explorer.exe my comp screws up

Edited by greatermeh, 26 December 2005 - 07:59 PM.


#10 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 26 December 2005 - 08:55 PM

Did you do this

EXE FIX http://www.kellys-korner-xp.com/regs_edits/exefix.reg - save target as exe.reg and double click

If so please try to clearly explain what is happening
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#11 greatermeh

greatermeh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 27 December 2005 - 08:54 PM

when I double click this is what pops up

Windows cannot open this file:

File: exe.reg

To open this file. Windows needs to know what program created it. Windows can go online to look it up autimatically, or you can manually select from a list of programs on your computer.


What do you want to do?

-Use the Web service to find the appropriate program

-Select the program from a list

#12 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 28 December 2005 - 12:26 PM

START RUN - regedit.exe

in regedit file - import - import that file
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#13 greatermeh

greatermeh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 28 December 2005 - 03:12 PM

same thing happens when I go to Run- regedit.exe

#14 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 28 December 2005 - 03:26 PM

Run regedit.exe

in Regedit FILE - IMPORT - import that file
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#15 greatermeh

greatermeh
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 28 December 2005 - 07:31 PM

Ok, cool, everything is back to the way it was, all the files have their icons.

yet I still get this when add-watch runs

Internal Error: User Preference file corrupted

then I get a warning from add-watch that asks me if I want to accept or block it, and whatever I do the warning will always come back and wont go away which forces me to control alt delete and end add-watch, and if I open add-watch again to try to change its preferences (make it not automatic) and end task then I will get the same problem I had before. Is this just Add-Watch being stupid?

should I follow what you told me before with ewido and the other programs?

Edited by greatermeh, 28 December 2005 - 07:59 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users