Just checking...



Bravura
2006-10-15, 03:01
Hey all, recently I had contracted some major virus through MSN Messenger ("Hey is that your picture?" auto-message thing) and have been spending the last week trying to clean my PC of it.

I think my PC is clean for the most part, but just in case I'd like someone more experienced to check it out. (I also ran an online anti-virus scan as stated in one of the stickies, which found nothing.)



Logfile of HijackThis v1.99.1
Scan saved at 8:30:56 PM, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ggf6379b] RUNDLL32.EXE w0e3ae22.dll,n 005637960000000a0e3ae22
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155676927265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4866/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: avldr - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe

Also, I'm not sure if this is related, but every time I start my PC I get this error: http://i9.tinypic.com/3522mc7.jpg

And ever since the incident I haven't been able to access Windows Firewall: http://i10.tinypic.com/2hd2q85.jpg, nor Windows Update (all my updates fail on installation).

Any help will be appreciated, thanks.

Rawe
2006-10-15, 13:37
Hello and welcome :)

Please run a scan with HijackThis and check the following objects for removal:

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [ggf6379b] RUNDLL32.EXE w0e3ae22.dll,n 005637960000000a0e3ae22

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

-----

Navigate to, and delete the following file if present:

C:\WINDOWS\System32\w0e3ae22.dll

(If you can't find it, make sure you can see hidden files (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx); if you can't delete it, boot into Safe Mode (http://www.pchell.com/support/safemode.shtml) and try again. Make sure you re-hide hidden files.)

Empty recycle bin.

-----

RIGHT-CLICK HERE (http://windowsxp.mvps.org/reg/sharedaccess.reg) and choose "Save As" (in IE it's "Save Target As") to download sharedaccess.reg and save it to your desktop.
Double-click the file.
When asked to merge with the registry, hit YES.
The Services entry will be created.
Please reboot.
Click Start -> Run and type in: cmd.exe
On Command Prompt, type NETSH FIREWALL RESET
Hit Enter.
Then go to the Control Panel and launch the Windows Firewall again. Try to access your Firewall settings again.

-------

Finally.......

Please download Combofix (http://download.bleepingcomputer.com/sUBs/combofix.exe) to your desktop:
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log. :)

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
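Rawe's two picks illustrate what triage of a HijackThis log looks for: a toolbar CLSID with no file behind it, and a Run entry that has rundll32 load a DLL with a bare, random-looking name. As an added example (not code from the thread, from HijackThis or from Rawe), here is a small Python parser that reads the O3/O4 lines of the log posted above and flags those two patterns; the `looks_random` heuristic and its threshold are my own assumptions, a review aid rather than a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines taken from the HijackThis log posted at the top
# of the thread, trimmed to the O2/O3/O4 sections this triage looks at, with the
# benign entries around them left in so the heuristics have something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ggf6379b] RUNDLL32.EXE w0e3ae22.dll,n 005637960000000a0e3ae22
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
"""

# HijackThis line formats for the two section types triaged here.
O3_RE = re.compile(
    r"^O3 - Toolbar: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(stem: str) -> bool:
    """Assumed heuristic: a name of 6+ chars that interleaves letters with a fair
    share of digits (ggf6379b, w0e3ae22) is typical of auto-generated dropper
    names; vendor names (igfxtray) or word-plus-version names (shell32) are not."""
    stem = stem.lower()
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    if len(stem) < 6 or digits == 0 or letters == 0:
        return False
    if re.fullmatch(r"[a-z]+\d+", stem):   # e.g. shell32, dx9: a word then a number
        return False
    return digits / len(stem) >= 0.25


def rundll32_target(cmd: str) -> Optional[str]:
    """Return the DLL a 'RUNDLL32 <dll>,<entry> [args]' command loads, else None."""
    parts = cmd.strip().split(None, 1)
    if len(parts) < 2:
        return None
    exe = parts[0].strip('"').lower().rsplit("\\", 1)[-1]
    if exe not in ("rundll32", "rundll32.exe"):
        return None
    return parts[1].split(",", 1)[0].strip('"')


def triage(log_text: str) -> List[Finding]:
    """Flag the two patterns Rawe picked out: an O3 toolbar CLSID with no backing
    file, and an O4 Run entry where rundll32 loads a bare, random-named DLL
    (no directory given, so Windows resolves it through the DLL search path)."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O3_RE.match(line)
        if m and m.group("path") == "(no file)":
            findings.append(Finding(line, "orphaned toolbar CLSID with no backing file"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        dll = rundll32_target(m.group("cmd"))
        if dll is None:
            continue
        bare = "\\" not in dll
        stem = dll.rsplit(".", 1)[0]
        if bare and looks_random(stem):
            findings.append(Finding(
                line, f"rundll32 loads bare random-named DLL {dll} via the search path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"FLAG  {f.reason}\n      {f.line}")
```

The flagged lines are the same two Rawe asked to have fixed; everything else in the sample passes through untouched.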

Bravura
2006-10-15, 17:41
Awesome, thank you! :D

Anyways, here is my new HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 11:35:28 AM, on 15/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155676927265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: avldr - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe


And my Combofix log:


Kev - 06-10-15 11:26:51.54 Service Pack 2
ComboFix 06.10.14.1 - Running from: "C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\Dxccwrd.dll
C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\Dxcknwrd.dll
C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\Dxcuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\SSTEM~1
C:\QooBox\Purity\Program Files\Common Files\WNSXS~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-15 to 2006-10-15 ))))))))))))))))))))))))))))))))))


2006-10-14 16:11 57,344 --a------ C:\WINDOWS\system32\pavipc.dll
2006-10-14 14:08 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2006-10-14 14:08 165,120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2006-10-12 19:30 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2006-10-11 20:02 2 --a------ C:\WINDOWS\system32\wintsvcc.exe
2006-10-09 19:02 92,544 --a------ C:\WINDOWS\system32\drivers\av5flt.sys
2006-10-08 14:36 <DIR> d-------- C:\WINDOWS\McAfee.com
2006-10-05 22:29 1,233 --a------ C:\WINDOWS\system32\ggf6379b.sys
2006-10-01 23:06 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-10-01 23:06 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-10-01 23:06 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-10-01 23:06 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-10-01 23:06 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-10-01 23:06 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-09-17 17:51 91,136 -ra------ C:\WINDOWS\system32\msls2.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-10-15 11:27 -------- d-------- C:\Program Files\Common Files
2006-10-15 11:22 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-15 11:10 -------- d-------- C:\Program Files\hijackthis
2006-10-15 00:19 -------- d-------- C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\Windows Live Safety Center
2006-10-15 00:13 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-10-14 21:54 -------- d---s---- C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\Microsoft
2006-10-14 19:02 -------- d-------- C:\Program Files\Windows Defender
2006-10-14 18:54 -------- d-------- C:\Program Files\Internet Explorer
2006-10-14 18:46 -------- d-------- C:\Program Files\BitComet
2006-10-14 16:11 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-14 14:08 -------- d-------- C:\Program Files\Common Files\Panda Software
2006-10-09 19:07 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-09 17:44 -------- d-------- C:\Program Files\QuickTime
2006-10-09 17:44 -------- d-------- C:\Program Files\iTunes
2006-10-09 16:21 -------- d-------- C:\Program Files\Outlook Express
2006-10-05 23:14 -------- d-------- C:\Program Files\FFDShow
2006-09-17 18:05 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-25 21:33 -------- d-------- C:\Program Files\Intel
2006-08-25 20:44 -------- d-------- C:\Program Files\Dell
2006-08-25 20:08 -------- d-------- C:\Program Files\Analog Devices
2006-08-25 02:05 -------- d-------- C:\Program Files\Movie Maker
2006-08-24 19:43 -------- d-------- C:\Program Files\Valve
2006-08-21 22:29 -------- d-------- C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\Media Player Classic
2006-08-21 18:41 -------- d-------- C:\Program Files\Java
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 19:18 -------- d-------- C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\AdobeUM
2006-08-16 12:00 6144 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-08-15 17:42 -------- d-------- C:\Program Files\Windows Media Player
2006-08-09 02:19 1069 --a------ C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\AdobeDLM.log
2006-08-08 22:51 0 --a--c--- C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\dm.ini
2006-08-08 21:41 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-08-07 23:05 0 -rahs---- C:\MSDOS.SYS
2006-08-07 23:05 0 -rahs---- C:\IO.SYS
2006-08-04 11:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-04 11:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-07-28 09:30 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 09:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 22:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-26 22:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-26 22:05 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AdaptecDirectCD"="C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,40,01,00,00,00,00,00,00,40,01,00,00,c2,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-10-15 11:29:23.48
C:\ComboFix.txt ... 06-10-15 11:29

Rawe
2006-10-16, 11:18
Looks like you've got a rootkit there. We'll run three different rootkit scanners to make sure we get them all. Make sure you only go by the instructions; don't delete/disinfect anything before checking the logs first.

Please download AVG Anti-Rootkit (http://www.freewarefiles.com/program_9_90_22524.html) to your desktop.
Double-click the installation file
Just click Next, let it go with default settings.
Once the installation is ready, reboot.
Run AVG Anti-Rootkit Beta.exe.
Click Search for rootkits.
When finished, click Save result to file.
Post back with the results. (Not sure where they are located, either in C:\Program Files\GRISOFT\AVG Anti-Rootkit Beta\ folder or on your desktop.)

-------

Download GMER (http://www.gmer.net/gmer.zip):
Unzip it and double-click GMER.exe
Click the rootkit-tab and click scan.
Once done, click Copy.
This will copy the results to clipboard.
Paste the results in your next reply along with the others requested.


-----

Finally run this scan....

Please download and save Blacklight (https://europe.f-secure.com/blacklight/try.shtml) to your desktop:
Double-click blbeta.exe.
Accept the agreement.
Click Scan.
Click Next.

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there. Post this along with the AVG and Gmer logs. Do NOT delete anything without me checking first :)

Bravura
2006-10-17, 02:39
Done and done. :bigthumb:


C:\WINDOWS\system32:lzx32.sys Hidden driver file

As for GMER, my computer reset halfway through the scan, bringing me to a screen saying "Windows has detected an error and must reset" or something along those lines. I tried it again in Safe Mode but the same thing happened; however, by just starting up the program I get this log:

[As I was typing this message for the first time (this being the second), my PC reset and now the log looks different (there used to be a line like the one in the AVG scan).]


GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-16 20:31:50
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F966F810] ShldDrv.SYS
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F966FBD8] ShldDrv.SYS

---- EOF - GMER 1.0.11 ----


[After my PC reset, I re-ran the AVG and the scan found nothing]

And for Blacklight... http://tinypic.com/2w7pw1g.jpg

Bravura
2006-10-17, 03:04
Hmmm... It seems that my ComboFix log has changed as well...


Kev - 06-10-16 21:02:09.96 Service Pack 2
ComboFix 06.10.14.1 - Running from: "C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\SSTEM~1
C:\QooBox\Purity\Program Files\Common Files\WNSXS~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-16 to 2006-10-16 ))))))))))))))))))))))))))))))))))


2006-10-14 16:11 57,344 --a------ C:\WINDOWS\system32\pavipc.dll
2006-10-14 14:08 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2006-10-14 14:08 165,120 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2006-10-12 19:30 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2006-10-11 20:02 2 --a------ C:\WINDOWS\system32\wintsvcc.exe
2006-10-09 19:02 92,544 --a------ C:\WINDOWS\system32\drivers\av5flt.sys
2006-10-08 14:36 <DIR> d-------- C:\WINDOWS\McAfee.com
2006-10-05 22:29 1,233 --a------ C:\WINDOWS\system32\ggf6379b.sys
2006-10-01 23:06 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-10-01 23:06 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-10-01 23:06 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-10-01 23:06 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-10-01 23:06 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-10-01 23:06 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-09-17 17:51 91,136 -ra------ C:\WINDOWS\system32\msls2.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-16 21:00 -------- d-------- C:\Program Files\hijackthis
2006-10-16 20:40 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-16 19:18 -------- d-------- C:\Program Files\GRISOFT
2006-10-15 11:27 -------- d-------- C:\Program Files\Common Files
2006-10-15 00:19 -------- d-------- C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\Windows Live Safety Center
2006-10-15 00:13 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-10-14 21:54 -------- d---s---- C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\Microsoft
2006-10-14 19:02 -------- d-------- C:\Program Files\Windows Defender
2006-10-14 18:54 -------- d-------- C:\Program Files\Internet Explorer
2006-10-14 18:46 -------- d-------- C:\Program Files\BitComet
2006-10-14 16:11 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-14 14:08 -------- d-------- C:\Program Files\Common Files\Panda Software
2006-10-09 19:07 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-09 17:44 -------- d-------- C:\Program Files\QuickTime
2006-10-09 17:44 -------- d-------- C:\Program Files\iTunes
2006-10-09 16:21 -------- d-------- C:\Program Files\Outlook Express
2006-10-05 23:14 -------- d-------- C:\Program Files\FFDShow
2006-09-17 18:05 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-25 21:33 -------- d-------- C:\Program Files\Intel
2006-08-25 20:44 -------- d-------- C:\Program Files\Dell
2006-08-25 20:08 -------- d-------- C:\Program Files\Analog Devices
2006-08-25 02:05 -------- d-------- C:\Program Files\Movie Maker
2006-08-24 19:43 -------- d-------- C:\Program Files\Valve
2006-08-21 22:29 -------- d-------- C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\Media Player Classic
2006-08-21 18:41 -------- d-------- C:\Program Files\Java
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 19:18 -------- d-------- C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\AdobeUM
2006-08-16 12:00 6144 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-08-09 02:19 1069 --a------ C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\AdobeDLM.log
2006-08-08 22:51 0 --a--c--- C:\Documents and Settings\JuliaY.ADP-YNYU50FGYSX\Application Data\dm.ini
2006-08-08 21:41 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-08-07 23:05 0 -rahs---- C:\MSDOS.SYS
2006-08-07 23:05 0 -rahs---- C:\IO.SYS
2006-08-04 11:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-04 11:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-07-28 09:30 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 09:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 22:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-26 22:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-26 22:05 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AdaptecDirectCD"="C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-10-16 21:03:08.98
C:\ComboFix.txt ... 06-10-16 21:03

Rawe
2006-10-17, 14:42
Please download NTrights.zip (http://www10.brinkster.com/expl0iter/freeatlast/NTrights.zip) by freeatlast on your desktop.
If you can't access it, download it HERE (http://www10.brinkster.com/expl0iter/freeatlast/dumprights.htm).
Save it on your desktop.
Unzip/extract it. (Instructions if necessary: http://metallica.geekstogo.com/xpcompressedexplanation.html)
Open the NTrights-folder.
Double-click on the Debug.bat to run it, follow any prompts it asks.
Reboot.
Double-click the Debug.bat again after reboot.

It will create a log.

If the log says:
"Granting SeDebugPrivilege to Administrators ... successful", things should be ok with that issue...

------

Now, please navigate to and delete the following files if present:

C:\WINDOWS\system32\wintsvcc.exe
C:\WINDOWS\system32\ggf6379b.sys

(If you can't find them, make sure you can see hidden files (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx); if you can't delete them, boot into Safe Mode (http://www.pchell.com/support/safemode.shtml) and try again. Make sure you rehide hidden files.)

Empty recycle bin.

-----

After that...

Please rerun BlackLight and see if it still gives the error; if not, please post the scanlog here along with a fresh HijackThis log and let me know how the system is running now :)

Bravura
2006-10-18, 01:58
Please download NTrights.zip by freeatlast on your desktop.
If you can't access it, download it HERE.

* Save it on your desktop.
* Unzip/extract it. (Instructions if necessary: http://metallica.geekstogo.com/xpcom...planation.html)
* Open the NTrights-folder.
* Double-click on the Debug.bat to run it, follow any prompts it asks.
* Reboot.
* Double-click the Debug.bat again after reboot.


It will create a log.

If the log says:
"Granting SeDebugPrivilege to Administrators ... successful", things should be ok with that issue...

File is corrupted/empty.

Deleted the other stuff though.

Rawe
2006-10-18, 06:54
How's your system running at the moment? :)

It's starting to look good. Any issues? Is Windows Firewall still disabled? What about Windows Update -- any issues with that?

Let's run another scanner instead of BlackLight.

Please run the F-Secure Online Scanner (http://support.f-secure.com/enu/home/ols3.shtml#)

Note: This scanner is for Internet Explorer only!
Follow the instructions here (http://support.f-secure.com/enu/home/ols3.shtml) for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy & paste the entire report in your next reply.

Bravura
2006-10-21, 03:11
Sorry for the late reply, hadn't gotten a chance to get on the computer.

Firewall is working great, thanks. However, Windows Update still keeps failing.

So anyway here is my F-Secure log. (It says it just renamed/submitted them, so are they still there? Should I be concerned? :scratch:)


Scanning Report
Friday, October 20, 2006 19:21:27 - 20:58:17

Computer name: KEVIN
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 10 malware found
IM-Worm.Win32.VB.aq (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{C5FE4D57-BA26-4806-BDB7-848D4BEF7075}\RP515\A0061336.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{C5FE4D57-BA26-4806-BDB7-848D4BEF7075}\RP513\A0050268.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{C5FE4D57-BA26-4806-BDB7-848D4BEF7075}\RP513\A0050273.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{C5FE4D57-BA26-4806-BDB7-848D4BEF7075}\RP512\A0047141.EXE (Renamed & Submitted)

Trojan-Clicker.Win32.Costrat.k (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{C5FE4D57-BA26-4806-BDB7-848D4BEF7075}\RP512\A0047157.EXE (Renamed & Submitted)

Trojan-Downloader.MSIL.Agent.c (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{C5FE4D57-BA26-4806-BDB7-848D4BEF7075}\RP532\A0074117.EXE (Renamed & Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{C5FE4D57-BA26-4806-BDB7-848D4BEF7075}\RP532\A0074118.EXE (Renamed & Submitted)

W32/Malware (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{C5FE4D57-BA26-4806-BDB7-848D4BEF7075}\RP593\A0097480.EXE (Submitted)

W32/NetworkWorm (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{C5FE4D57-BA26-4806-BDB7-848D4BEF7075}\RP529\A0074023.EXE (Submitted)

W32/Smalldoor.GRU (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{C5FE4D57-BA26-4806-BDB7-848D4BEF7075}\RP482\A0041536.DLL (Submitted)

Statistics
Scanned:

* Files: 35279
* System: 4137
* Not scanned: 2

Actions:

* Disinfected: 0
* Renamed: 7
* Deleted: 0
* None: 3
* Submitted: 10

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-10-20
* F-Secure Libra: 2.4.1, 2006-10-20
* F-Secure Orion: 1.2.37, 2006-10-20
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0259-24-212
* F-Secure Pegasus: 1.19.0, 2006-08-29

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics


Rawe
2006-10-21, 17:28
Looking fine :)

How is the Windows Update failing exactly?

Bravura
2006-10-21, 18:10
Well... After the "Checking for the latest updates for your computer" screen...

http://i11.tinypic.com/44vb2hz.jpg

http://i11.tinypic.com/4bdvnd2.jpg

http://i11.tinypic.com/29g2a7c.jpg

And Troubleshooter is no help.

Rawe
2006-10-21, 18:51
See if you can find those in the Add/Remove Programs list, uninstall them, reboot then try to update.

I've been having the exact same problem with .NET Framework 2.0 security updates. I installed them manually and hid them from the Windows update.

(After uninstalling then reinstalling .NET Framework and realizing the update still didn't work)

If they don't seem to be installed, you can get them installed manually by using google like this (it should find Microsoft's manual downloads):

Look for: Security Update for Windows XP (KB924496)

You should just change the KB part to reflect all the updates

Then for example, you can get the Malicious Software Removal tool here:

http://www.microsoft.com/security/malwareremove/default.mspx

Simply just search for the updates by their name (you can see those from your own screenshot), then add the KB part and download & install them from Microsoft. :)

HTH

Bravura
2006-10-21, 20:16
All right, cool. I got the security updates but I can't find these last 4.

http://i14.tinypic.com/2nv78nl.jpg

So is there any reason why MSUpdate doesn't work?

Rawe
2006-10-22, 12:24
Lemme ask for a bit of help with this :)

Not sure about those update problems since I've been having them myself as well.

Rawe
2006-10-22, 23:46
A suggestion from one of the experts.. We'll see if this does the trick :)

Please run a scan with HijackThis and check the following object for removal:

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155676927265

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

Manual installation instructions for Windows Update controls
http://v4.windowsupdate.microsoft.com/troubleshoot/

Download Windows Update controls (http://v4.windowsupdate.microsoft.com/cab/x86/unicode/iuctl.cab) and save them to your desktop. Extract the .cab file following the steps below:
1. Go to the desktop and right click the iuctl.cab file.
2. Click "Open".
3. Select all the files listed.
4. Right click on them and click "Extract."
5. Point to a known location (like the desktop) and click "OK."
6. Go to the location you selected and right click the iuctl.inf file.
7. Click "Install." Reboot.

-----

Try again and let me know if it makes any difference.

Bravura
2006-10-23, 23:44
Nope, sorry.

Rawe
2006-10-24, 11:20
Maybe you should try to go & update your drivers from the manufacturer's websites rather than M$ Update - see if it works. If you do get the driver updates installed, do the next step and then try to update the Genuine Advantage thing. :)

Then also let's do this and see if it helps anything:

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

----

Still issues with the updates?

Rawe
2006-10-24, 15:48
If that doesn't help either, have a shot at this as well, might or might not help.

http://support.microsoft.com/kb/290301

Then also with Internet Explorer, you could try adding Windows Update to your Trusted Sites list then refresh and try again...

Bravura
2006-10-26, 02:26
Nada. :(

Rawe
2006-10-27, 21:19
Did you try Windows Install Clean Up thingy on Windows Genuine Advantage?

Try it, then go to Microsoft Update again. See if there's any difference.....

It seemed to help me with my .NET Framework update issues.

If still no luck, let me know... Oh, did you have any luck on the driver manufacturer's sites? Recommend checking them if you didn't..

Bravura
2006-10-28, 03:46
Well actually, I'm not too sure what I'm supposed to remove with the clean up thingy. Also, I did update my drivers from the manufacturer's site but it still remains in MS Update.

Rawe
2006-10-28, 12:32
Download this, http://support.microsoft.com/kb/290301

Install it. Run it. From the list, choose (it should be called) "Windows Genuine Advantage" then some numbers after it and the version number.

Click Remove. Then reboot, go back to Microsoft Update and let me know if there's still issues. Not sure about the driver updates tho...

Bravura
2006-10-29, 00:23
No no, I mean it's not even there.

Rawe
2006-11-01, 13:10
Sorry for the delay I've been busy, I'm still working on this..

Another thing found that might be causing this I'll be posting back a bit later first I'll talk to the experts :)

Rawe
2006-11-02, 16:27
Okay, it could be you are missing an important regkey that's needed for the updates. Let's try this (will only help if you are missing it) -- then try updating again and let me know if any difference. :)

Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Fixing.reg to your desktop.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"Asynchronous"=dword:00000001
"DLLName"="WlNotify.dll"
"Impersonate"=dword:00000001
"Lock"="SensLockEvent"
"Logoff"="SensLogoffEvent"
"Logon"="SensLogonEvent"
"MaxWait"=dword:00000258
"Safe"=dword:00000001
"Shutdown"="SensShutdownEvent"
"StartScreenSaver"="SensStartScreenSaverEvent"
"StartShell"="SensStartShellEvent"
"Startup"="SensStartupEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Unlock"="SensUnlockEvent"
"Disconnect"="SensDisconnectEvent"
"PostShell"="SensPostShellEvent"
"Reconnect"="SensReconnectEvent"

Now double-click on the Fixing.reg on your desktop and allow it to merge with registry by clicking YES on the prompt.

Reboot and let me know.

Bravura
2006-11-06, 01:33
Awesome man! It worked! Thank you so much! :D:

Rawe
2006-11-06, 19:35
Looks like we have some more checking to do but not too much. Mosaic1 (an expert), wants to see the contents of your Winlogon Notify regkey... Just to check there's nothing else missing than just the one we replaced.

Go to Start -> Run, type in: cmd

Click OK. A box will open up; write the following bolded command in there, including the quote marks (be exact with the command, it has to be exactly like this) --

Regedit /e /a notify.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" & Start notepad notify.txt

You will get an open notepad file named notify.txt which should have text in it.

Please copy & paste ALL the contents here :)

And as said, if you don't put it exactly like this, then you won't get the .txt file; you can try as many times as you need.. Let me know if you have any problems.
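Every DLL registered under Winlogon\Notify is loaded by winlogon.exe at logon, which is why the thread first restores the SensLogn package with Fixing.reg and then exports the whole key to see whether anything else is missing or out of place. The script below is an added example and is not code from this thread or from any tool mentioned in it: it parses a REGEDIT4 export of the kind the `Regedit /e /a notify.txt ...` command produces, reports whether SensLogn is present, and lists every notification package whose DLLName is not one of the DLLs a stock Windows XP install registers. The baseline DLL list (KNOWN_NOTIFY_DLLS) and the sample export are constructed assumptions; compare the baseline against a known-clean machine before trusting it.

```python
import re
from typing import Dict, List, Optional

NOTIFY_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
               r"\CurrentVersion\Winlogon\Notify")

# ASSUMPTION: notification DLLs a clean Windows XP SP2 install registers under
# Winlogon\Notify. Constructed for this example; verify against a clean machine.
KNOWN_NOTIFY_DLLS = {"wlnotify.dll", "crypt32.dll", "cryptnet.dll",
                     "cscdll.dll", "sclgntfy.dll"}
# The package Fixing.reg restores; SENS logon events need it.
REQUIRED_PACKAGES = ("SensLogn",)

RegTree = Dict[str, Dict[str, object]]


def _unescape(s: str) -> str:
    # REGEDIT4 string values escape the double quote and the backslash.
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _parse_value(raw: str) -> object:
    """Convert the right-hand side of a "name"=... line into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex"):            # hex:, hex(2):, hex(7): ... -> bytes
        body = raw.split(":", 1)[1]
        return bytes(int(b, 16) for b in body.split(",") if b.strip())
    return raw


def parse_reg_export(text: str) -> RegTree:
    """Parse a REGEDIT4 export into {key_path: {value_name: value}}."""
    logical: List[str] = []
    buf = ""
    for line in text.splitlines():      # a trailing backslash continues the line
        stripped = line.strip()
        if stripped.endswith("\\"):
            buf += stripped[:-1]
            continue
        logical.append(buf + stripped)
        buf = ""
    tree: RegTree = {}
    current: Optional[str] = None
    for line in logical:
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tree.setdefault(current, {})
            continue
        m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if current is None or not m:
            continue
        name = "@" if m.group(1) == "@" else _unescape(m.group(2))
        tree[current][name] = _parse_value(m.group(3))
    return tree


def notify_packages(tree: RegTree) -> Dict[str, Dict[str, object]]:
    """Return {package_name: values} for each direct subkey of Winlogon\\Notify."""
    prefix = NOTIFY_ROOT.lower() + "\\"
    return {key[len(prefix):]: values for key, values in tree.items()
            if key.lower().startswith(prefix) and "\\" not in key[len(prefix):]}


def audit_notify(export_text: str) -> Dict[str, list]:
    """Report missing required packages and packages with a non-baseline DLL."""
    pkgs = notify_packages(parse_reg_export(export_text))
    missing = [p for p in REQUIRED_PACKAGES if p not in pkgs]
    unknown = []
    for name, values in sorted(pkgs.items()):
        dll = values.get("DLLName")
        base = dll.replace("\\", "/").rsplit("/", 1)[-1].lower() if isinstance(dll, str) else ""
        if base not in KNOWN_NOTIFY_DLLS:   # no DLLName, or one outside the baseline
            unknown.append((name, dll))
    return {"missing": missing, "unknown": unknown}


# Constructed sample export (not a real machine's data): two stock packages plus
# one made-up package pointing at a DLL outside the baseline.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DLLName"="crypt32.dll"
"Impersonate"=dword:00000000
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"Asynchronous"=dword:00000001
"DLLName"="WlNotify.dll"
"Impersonate"=dword:00000001
"Logon"="SensLogonEvent"
"MaxWait"=dword:00000258

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExamplePkg]
"Asynchronous"=dword:00000001
"DLLName"="C:\\WINDOWS\\system32\\examplepkg.dll"
"Logon"="NotifyLogon"
'''

if __name__ == "__main__":
    print(audit_notify(SAMPLE_EXPORT))
```

Run it against a saved notify.txt by passing the file's contents to audit_notify; an empty "missing" list and an empty "unknown" list is the expected result on a clean XP SP2 machine. A package that appears in "unknown" is not necessarily malicious (third-party logon software registers packages too), but each one should be accounted for, since its DLL runs inside winlogon.exe.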

Bravura
2006-11-08, 02:41
1. The text that you have entered is too long (953618 characters). Please shorten it to 20000 characters long.

haha...

Bravura
2006-11-08, 02:43
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"CurrentBuild"="1.511.1 () (Obsolete data - do not use)"
"InstallDate"=dword:3df6b624
"ProductName"="Microsoft Windows XP"
"RegDone"=""
"RegisteredOrganization"="ADP"
"RegisteredOwner"="Julia"
"SoftwareType"="SYSTEM"
"CurrentVersion"="5.1"
"CurrentBuildNumber"="2600"
"BuildLab"="2600.xpsp_sp2_gdr.050301-1519"
"CurrentType"="Uniprocessor Free"
"SystemRoot"="C:\\WINDOWS"
"SourcePath"="D:\\I386"
"PathName"="C:\\WINDOWS"
"ProductId"="55274-OEM-0011903-00102"
"DigitalProductId"=hex:a4,00,00,00,03,00,00,00,35,35,32,37,34,2d,4f,45,4d,2d,\
30,30,31,31,39,30,33,2d,30,30,31,30,32,00,2d,00,00,00,41,32,32,2d,30,30,30,\
30,31,00,00,00,00,00,00,00,4c,98,2f,0e,d5,0c,91,cc,a1,4a,a1,e1,d2,eb,03,00,\
00,00,00,00,c0,3f,f6,3d,17,af,01,00,02,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,38,33,32,32,31,00,00,00,00,00,00,00,8c,03,\
00,00,c5,a0,44,4c,fe,00,00,00,68,08,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,72,79,c3,08
"LicenseInfo"=hex:33,8f,a0,d3,a4,7c,a6,de,5a,42,c0,6f,48,70,ea,45,9e,7c,fa,06,\
5a,e0,a8,88,2f,81,e6,6d,12,1a,9c,a9,02,1b,27,81,5d,3a,37,a2,f4,d0,cd,ea,93,\
09,82,f4,96,b5,b9,fa,55,cd,43,1b
"SubVersionNumber"=""
"CSDVersion"="Service Pack 2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier]
"Application path"="Magnify.exe"
"Application type"=dword:00000001
"ClientControlCode"=dword:00000083
"Display Name"="Magnifier"
"ErrorOnLaunch"=""
"HideClient"=dword:00000000
"Start with Utility Manager"=dword:00000000
"Start with Windows"=dword:00000000
"WontRespondAction"=""
"WontRespondTimeout"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator]
"Application path"="Narrator.exe"
"Application type"=dword:00000001
"ClientControlCode"=dword:00000084
"Display Name"="Narrator"
"ErrorOnLaunch"=""
"HideClient"=dword:00000000
"Start with Utility Manager"=dword:00000001
"Start with Windows"=dword:00000000
"WontRespondAction"=""
"WontRespondTimeout"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard]
"Application path"="osk.exe"
"Application type"=dword:00000001
"ClientControlCode"=dword:00000085
"Display Name"="On-Screen Keyboard"
"ErrorOnLaunch"=""
"HideClient"=dword:00000000
"Start with Utility Manager"=dword:00000000
"Start with Windows"=dword:00000000
"WontRespondAction"=""
"WontRespondTimeout"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="1"
"Debugger"="drwtsn32 -p %ld -e %ld -g"
"UserDebuggerHotKey"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr]
"ProcessTimeOut"=dword:00000e10

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands]
"ASR format utility for volumes"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,\
73,79,73,74,65,6d,33,32,5c,61,73,72,5f,66,6d,74,2e,65,78,65,20,2f,62,61,63,\
6b,75,70,00
"ASR utility for Logical Disk Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,\
25,5c,73,79,73,74,65,6d,33,32,5c,61,73,72,5f,6c,64,6d,2e,65,78,65,20,2f,62,\
61,63,6b,75,70,00
"ASR protected file utility"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,\
79,73,74,65,6d,33,32,5c,61,73,72,5f,70,66,75,2e,65,78,65,20,2f,62,61,63,6b,\
75,70,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes\NameSpace]
"CombinedKeys"=hex(7):5c,2a,00,5c,2a,5c,73,68,65,6c,6c,65,78,00,5c,2a,5c,73,68,\
65,6c,6c,65,78,5c,43,6f,6e,74,65,78,74,4d,65,6e,75,48,61,6e,64,6c,65,72,73,\
00,5c,2a,5c,73,68,65,6c,6c,65,78,5c,50,72,6f,70,65,72,74,79,53,68,65,6c,6c,\
48,61,6e,64,6c,65,72,73,00,5c,41,70,70,49,44,00,5c,43,4c,53,49,44,00,5c,43,\
6f,6d,70,6f,6e,65,6e,74,20,43,61,74,65,67,6f,72,69,65,73,00,5c,44,72,69,76,\
65,00,5c,44,72,69,76,65,5c,73,68,65,6c,6c,65,78,00,5c,44,72,69,76,65,5c,73,\
68,65,6c,6c,65,78,5c,43,6f,6e,74,65,78,74,4d,65,6e,75,48,61,6e,64,6c,65,72,\
73,00,5c,44,72,69,76,65,5c,73,68,65,6c,6c,65,78,5c,50,72,6f,70,65,72,74,79,\
53,68,65,6c,6c,48,61,6e,64,6c,65,72,73,00,5c,46,69,6c,65,54,79,70,65,00,5c,\
46,6f,6c,64,65,72,00,5c,46,6f,6c,64,65,72,5c,73,68,65,6c,6c,65,78,00,5c,46,\
6f,6c,64,65,72,5c,73,68,65,6c,6c,65,78,5c,43,6f,6c,75,6d,6e,48,61,6e,64,6c,\
65,72,00,5c,46,6f,6c,64,65,72,5c,73,68,65,6c,6c,65,78,5c,43,6f,6e,74,65,78,\
74,4d,65,6e,75,48,61,6e,64,6c,65,72,73,00,5c,46,6f,6c,64,65,72,5c,73,68,65,\
6c,6c,65,78,5c,45,78,74,53,68,65,6c,6c,46,6f,6c,64,65,72,56,69,65,77,73,00,\
5c,46,6f,6c,64,65,72,5c,73,68,65,6c,6c,65,78,5c,50,72,6f,70,65,72,74,79,53,\
68,65,65,74,48,61,6e,64,6c,65,72,73,00,5c,49,6e,73,74,61,6c,6c,65,72,5c,43,\
6f,6d,70,6f,6e,65,6e,74,73,00,5c,49,6e,73,74,61,6c,6c,65,72,5c,46,65,61,74,\
75,72,65,73,00,5c,49,6e,73,74,61,6c,6c,65,72,5c,50,72,6f,64,75,63,74,73,00,\
5c,49,6e,74,65,72,66,61,63,65,00,5c,4d,69,6d,65,00,5c,4d,69,6d,65,5c,44,61,\
74,61,62,61,73,65,00,5c,4d,69,6d,65,5c,44,61,74,61,62,61,73,65,5c,43,68,61,\
72,73,65,74,00,5c,4d,69,6d,65,5c,44,61,74,61,62,61,73,65,5c,43,6f,64,65,70,\
61,67,65,00,5c,4d,69,6d,65,5c,44,61,74,61,62,61,73,65,5c,43,6f,6e,74,65,6e,\
74,20,54,79,70,65,00,5c,54,79,70,65,6c,69,62,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility]
"_3DPC"="0x00400000"
"_BNOTES"="0x224000"
"_LNOTES"="0x00100000"
"ACAD"="0x8000"
"ACROBAT"="0x04000008"
"ACT!"="0x400004"
"AD"="0x10000000"
"ADW30"="0x10000000"
"ALARMMGR"="0x0040000"
"ALDSETUP"="0x00400000"
"AMIPRINT"="0x04000000"
"AMIPRO"="0x04000010"
"APORIA"="0x0100"
"APPROACH"="0x0004"
"BALER"="0x08000000"
"BMAPP"="0x0004"
"CASMONEY"="0x00200000"
"CAVOIDE"="0x00200000"
"CCMAIL"="0x00200000"
"CCMCWFY"="0x80"
"CHARISMA"="0x2000"
"CONFIG"="0x00400000"
"CORELCHT"="0x04000000"
"CORELDRW"="0x04048000"
"CORELPNT"="0x0C000000"
"CORELVP5"="0x04000000"
"COSTAR"="0x0004"
"CP"="0x0040"
"CROSSTIE"="0x00000400"
"DARCH"="0x80"
"DELPHI"="0x40000000"
"DESIGNER"="0x00002000"
"DIRECTOR"="0x00800000"
"DPLANNER"="0x00200000"
"DRAW"="0x2000"
"DS40"="0x8000"
"DTWIN20"="0x00000400"
"EAP"="0x0004"
"ED"="0x00010000"
"EXCEL"="0x1000"
"EXPASTRO"="0x04000000"
"EXTYPWND"="0x00200000"
"FAXVIEW"="0x04000000"
"FAXWORKS"="0x00000400"
"FH4"="0x04E08000"
"FLW2"="0x8000"
"FMPRO"="0x00200000"
"FREEHAND"="0x04008000"
"FULLTEXT"="0x20000000"
"GIFTMAKE"="0x20000000"
"GUIDE"="0x1000"
"HDW"="0x04800000"
"HGW"="0x8000"
"HGW2EXE"="0x8000"
"HGW3EXE"="0x8000"
"HJDRAW"="0x00400000"
"IDAPICFG"="0x00400000"
"IDRAW"="0x04008000"
"ILLUSTRA"="0x04000000"
"ILLUSTRATOR"="0x04008000"
"IMPROV2"="0x00000000"
"INFOCENT"="0x04000000"
"INSIGHT"="0x00000400"
"INSTAL1"="0x00400000"
"INSTALL"="0x00400000"
"INSTBIN"="0x00200000"
"INTERMIS"="0x10000000"
"IS20INST"="0x00000000"
"ISSET_SE"="0x00200000"
"IVIHEALT"="0x00400000"
"JEOPARDY"="0x00200000"
"JW"="0x00000000"
"KALOAD2"="0x00400000"
"KEYCAD"="0x8000"
"LE_ADMIN"="0x00400000"
"LUI"="0x20000000"
"MAILSPL"="0x10000000"
"MAKER"="0x04200000"
"MAPS1"="0x04008022"
"MATH"="0x00000001"
"MAVIS"="0x00200000"
"MCOURIER"="0x0800"
"MFWIN20"="0x02000000"
"MILESV3"="0x1000"
"MILESV40"="0x4"
"MOZART"="0x40000000"
"MSARTIST"="0x00100000"
"MSBHUMAN"="0x4"
"MSREMIND"="0x10000000"
"MVIEWER2"="0x40200000"
"MYINV"="0x00200000"
"MYMWIN"="0x40000000"
"MYST"="0x08000000"
"NAFTA1"="0x4008022"
"NBAMW4V4"="0x04000000"
"NETSET2"="0x0100"
"NOTES"="0x200000"
"NOTSHELL"="0x0001"
"OPERATOR"="0x02000000"
"OUTPOST"="0x00000000"
"OWLAPP"="0x00400000"
"PACKRAT"="0x0800"
"PAINTER"="0x00000000"
"PAWC8DC3"="0x00400000"
"PAWIN"="0x4"
"PEACHW"="0x04800004"
"PIXIE"="0x0040"
"PLANIT"="0x0004"
"PLANNER"="0x2000"
"PLUS"="0x1000"
"PM4"="0x0400A000"
"PM5APP"="0x04008000"
"PN4APP"="0x00200000"
"PP4"="0x00000000"
"PR2"="0x2000"
"PRINTHLP"="0x0004"
"QAPLUSW"="0x0004"
"QAWRITE"="0x42080"
"QLIIFAX"="0x00400000"
"QUAKE"="0x80"
"QW"="0x08000000"
"RELAY"="0x20000000"
"REM"="0x8022"
"RR2CD"="0x00200000"
"RX"="0x00000400"
"RXL"="0x00000400"
"SCHUBERT"="0x40000000"
"SETUP"="0x00000000"
"SIDEKICK"="0x0004"
"SLEEPER"="0x10000000"
"SPCB"="0x04008000"
"SPORTJEP"="0x00200000"
"SPWIN20"="0x00400000"
"SSBWIN"="0x00200000"
"ST2"="0x4008022"
"STRAUSS"="0x40000000"
"STRAV"="0x40000000"
"SWCWIN"="0x00800004"
"TCVWIN"="0x00200000"
"TCW"="0x00400000"
"TCWIN"="0x0004"
"TERRAIN"="0x00400000"
"TISETUP"="0x00200000"
"TL6"="0x08000000"
"TME"="0x0100"
"TMSWIN"="0x20000000"
"TMTWIN"="0x00200000"
"TMTWINCD"="0x00200000"
"TOUCHUP"="0x00400000"
"TURBOTAX"="0x00080000"
"VB"="0x0200"
"VEWINFIL"="0x00400000"
"VISIO"="0x00000004"
"VISIOHM"="0x00000004"
"VISION"="0x0040"
"W4GL"="0x4000"
"W4GLR"="0x4000"
"WGW"="0x00440000"
"WIN2WRS"="0x1210"
"WINCIM"="0x4"
"WINLINK"="0x20000000"
"WINPHONE"="0x0004"
"WINSIM"="0x3000"
"WINTACH"="0x00200000"
"WORDSCAN"="0x02200000"
"WPWIN60"="0x00000400"
"WPWIN61"="0x02000400"
"WPWINFIL"="0x00000006"
"WS32"="0x00200000"
"WSETUP"="0x00200000"
"XPRESS"="0x04000008"
"ZETA01"="0x00400000"
"ZIFFBOOK"="0x00200000"
"NOTIFIER"="0x400000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32]
"bcb"="0x40000000"
"CORELDRW"="0x04000000"
"DELPHI32"="0x40000000"
"FH7"="0x04000000"
"GMW4"="0x80000000"
"ILLUSTRATOR"="0x04000000"
"MAMEW8"="0x40000000"
"MAMEW9"="0x40000000"
"PM65"="0x04000000"
"PM65C"="0x04000000"
"PM65J"="0x04000000"
"PM65K"="0x04000000"
"PM65ME"="0x04000000"
"QUARKXPRESS"="0x04000000"
"STREAMLINE"="0x40000000"
"WINWORD"="0x80000000"
"WORDPRO"="0x80000000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console\Nls]
"00000409"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont]
"0"="Lucida Console"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers]
"timer"="timer.drv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc]
"msaud32.acm"="Windows Media Audio"
"sl_anet.acm"="Sipro Lab Telecom Audio Codec"
"C:\\WINDOWS\\System32\\iac25_32.ax"="Indeo® audio software"
"ir50_32.dll"="Indeo® video 5.10"
"C:\\WINDOWS\\System32\\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec"
"l3codecx.acm"="Fraunhofer IIS MPEG Layer-3 Codec"
"wdmaud.drv"="SoundMAX Integrated Digital Audio"
"mpg4c32.dll"="Microsoft MPEG-4 Video Codec v1"
"ff_vfw.dll"="ffdshow video encoder"
"sirenacm.dll"="MSN Messenger Audio Codec"
"DivX.dll"="DivX 6.4.0 Codec"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iyuv"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvu9"="tsbyuv.dll"
"vidc.yvyu"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="C:\\WINDOWS\\System32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="l3codecx.acm"
"VIDC.MP42"="mpg4c32.dll"
"VIDC.MPG4"="mpg4c32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"vidc.ffds"="ff_vfw.dll"
"msacm.siren"="sirenacm.dll"
"vidc.DIVX"="DivX.dll"
"vidc.yv12"="DivX.dll"

seven text...

Bravura
2006-11-08, 02:45
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"
"mixer"="rdpsnd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Embedding]
"PBrush"="Paintbrush Picture,Paintbrush Picture,pbrush.exe,picture"
"SoundRec"="Sound,Sound,sndrec32.exe,picture"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer]
"MicrosoftRedirectionURL"="http://go.microsoft.com/fwlink/events.asp"
"MicrosoftRedirectionProgram"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,50,\
43,48,65,61,6c,74,68,5c,48,65,6c,70,43,74,72,5c,42,69,6e,61,72,69,65,73,5c,\
48,65,6c,70,43,74,72,2e,65,78,65,00
"MicrosoftRedirectionProgramCommandLineParameters"="-url hcp://services/centers/support?topic=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\File Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\File Manager\AddOns]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers]
"Adobe Type Manager"="atmfd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDPI]
"LogPixels"=dword:00000060

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper]
"ARIAL"=dword:00000000
"COURIER"=dword:00008800
"COURIER NEW"=dword:00008000
"FIXEDSYS"=dword:00009000
"MS SANS SERIF"=dword:00001000
"MS SERIF"=dword:00005000
"SMALL FONTS"=dword:00000800
"SYMBOL"=dword:00004002
"SYMBOL1"=dword:0000a002
"TIMES NEW ROMAN"=dword:00004000
"WINGDINGS"=dword:00000002
"WINGDINGS2"=dword:00008002
"DEFAULT"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Roman (All res)"="ROMAN.FON"
"Script (All res)"="SCRIPT.FON"
"Modern (All res)"="MODERN.FON"
"Small Fonts (VGA res)"="SMALLE.FON"
"Arial (TrueType)"="ARIAL.TTF"
"Arial Bold (TrueType)"="ARIALBD.TTF"
"Arial Bold Italic (TrueType)"="ARIALBI.TTF"
"Arial Italic (TrueType)"="ARIALI.TTF"
"Courier New (TrueType)"="COUR.TTF"
"Courier New Bold (TrueType)"="COURBD.TTF"
"Courier New Bold Italic (TrueType)"="COURBI.TTF"
"Courier New Italic (TrueType)"="COURI.TTF"
"Lucida Console (TrueType)"="LUCON.TTF"
"Lucida Sans Unicode (TrueType)"="L_10646.TTF"
"Times New Roman (TrueType)"="TIMES.TTF"
"Times New Roman Bold (TrueType)"="TIMESBD.TTF"
"Times New Roman Bold Italic (TrueType)"="TIMESBI.TTF"
"Times New Roman Italic (TrueType)"="TIMESI.TTF"
"WingDings (TrueType)"="WINGDING.TTF"
"Symbol (TrueType)"="SYMBOL.TTF"
"Symbol 8,10,12,14,18,24 (VGA res)"="SYMBOLE.FON"
"Verdana (TrueType)"="verdana.TTF"
"Verdana Bold (TrueType)"="verdanab.TTF"
"Verdana Italic (TrueType)"="verdanai.TTF"
"Verdana Bold Italic (TrueType)"="verdanaz.TTF"
"Arial Black (TrueType)"="ARIBLK.TTF"
"Comic Sans MS (TrueType)"="comic.TTF"
"Comic Sans MS Bold (TrueType)"="comicbd.TTF"
"Impact (TrueType)"="impact.TTF"
"Georgia (TrueType)"="georgia.TTF"
"Georgia Bold (TrueType)"="georgiab.TTF"
"Georgia Bold Italic (TrueType)"="georgiaz.TTF"
"Georgia Italic (TrueType)"="georgiai.TTF"
"Franklin Gothic Medium (TrueType)"="Framd.TTF"
"Franklin Gothic Medium Italic (TrueType)"="Framdit.TTF"
"Palatino Linotype (TrueType)"="pala.TTF"
"Palatino Linotype Bold (TrueType)"="palab.TTF"
"Palatino Linotype Bold Italic (TrueType)"="palabi.TTF"
"Palatino Linotype Italic (TrueType)"="palai.TTF"
"Tahoma Bold (TrueType)"="TAHOMABD.TTF"
"Trebuchet MS (TrueType)"="trebuc.TTF"
"Trebuchet MS Bold (TrueType)"="trebucbd.TTF"
"Trebuchet MS Bold Italic (TrueType)"="trebucbi.TTF"
"Trebuchet MS Italic (TrueType)"="trebucit.TTF"
"Webdings (TrueType)"="webdings.TTF"
"Estrangelo Edessa (TrueType)"="estre.TTF"
"Gautami (TrueType)"="gautami.TTF"
"Latha (TrueType)"="latha.TTF"
"Mangal (TrueType)"="mangal.TTF"
"Mv Boli (TrueType)"="mvboli.TTF"
"Raavi (TrueType)"="raavi.TTF"
"Shruti (TrueType)"="shruti.TTF"
"Tunga (TrueType)"="tunga.TTF"
"Sylfaen (TrueType)"="sylfaen.TTF"
"WST_Czec (All res)"="wst_czec.FON"
"WST_Engl (All res)"="wst_engl.FON"
"WST_Fren (All res)"="wst_fren.FON"
"WST_Germ (All res)"="wst_germ.FON"
"WST_Ital (All res)"="wst_ital.FON"
"WST_Span (All res)"="wst_span.FON"
"WST_Swed (All res)"="wst_swed.FON"
"Courier 10,12,15 (VGA res)"="COURE.FON"
"MS Sans Serif 8,10,12,14,18,24 (VGA res)"="SSERIFE.FON"
"MS Serif 8,10,12,14,18,24 (VGA res)"="SERIFE.FON"
"Tahoma (TrueType)"="TAHOMA.TTF"
"Microsoft Sans Serif (TrueType)"="MICROSS.TTF"
"Agency FB Bold (TrueType)"="AGENCYB.TTF"
"Algerian (TrueType)"="ALGER.TTF"
"Arial Narrow (TrueType)"="ARIALN.TTF"
"Arial Rounded MT Bold (TrueType)"="ARLRDBD.TTF"
"Baskerville Old Face (TrueType)"="BASKVILL.TTF"
"Bauhaus 93 (TrueType)"="BAUHS93.TTF"
"Bell MT (TrueType)"="BELL.TTF"
"Berlin Sans FB Bold (TrueType)"="BRLNSB.TTF"
"Bernard MT Condensed (TrueType)"="BERNHC.TTF"
"Blackadder ITC (TrueType)"="ITCBLKAD.TTF"
"Bodoni MT (TrueType)"="BOD_R.TTF"
"Bodoni MT Black (TrueType)"="BOD_BLAR.TTF"
"Bodoni MT Condensed (TrueType)"="BOD_CR.TTF"
"Bodoni MT Poster Compressed (TrueType)"="BOD_PSTC.TTF"
"Book Antiqua (TrueType)"="BKANT.TTF"
"Bookman Old Style (TrueType)"="BOOKOS.TTF"
"Bradley Hand ITC (TrueType)"="BRADHITC.TTF"
"Britannic Bold (TrueType)"="BRITANIC.TTF"
"Broadway (TrueType)"="BROADW.TTF"
"Brush Script MT Italic (TrueType)"="BRUSHSCI.TTF"
"Californian FB (TrueType)"="CALIFR.TTF"
"Calisto MT (TrueType)"="CALIST.TTF"
"Castellar (TrueType)"="CASTELAR.TTF"
"Centaur (TrueType)"="CENTAUR.TTF"
"Century Gothic (TrueType)"="GOTHIC.TTF"
"Century Schoolbook (TrueType)"="CENSCBK.TTF"
"Chiller (TrueType)"="CHILLER.TTF"
"Colonna MT (TrueType)"="COLONNA.TTF"
"Cooper Black (TrueType)"="COOPBL.TTF"
"Copperplate Gothic Bold (TrueType)"="COPRGTB.TTF"
"Copperplate Gothic Light (TrueType)"="COPRGTL.TTF"
"Curlz MT (TrueType)"="CURLZ___.TTF"
"Edwardian Script ITC (TrueType)"="ITCEDSCR.TTF"
"Elephant (TrueType)"="ELEPHNT.TTF"
"Engravers MT (TrueType)"="ENGR.TTF"
"Eras Bold ITC (TrueType)"="ERASBD.TTF"
"Eras Demi ITC (TrueType)"="ERASDEMI.TTF"
"Eras Light ITC (TrueType)"="ERASLGHT.TTF"
"Eras Medium ITC (TrueType)"="ERASMD.TTF"
"Felix Titling (TrueType)"="FELIXTI.TTF"
"Footlight MT Light (TrueType)"="FTLTLT.TTF"
"Forte (TrueType)"="FORTE.TTF"
"Franklin Gothic Book (TrueType)"="FRABK.TTF"
"Franklin Gothic Demi (TrueType)"="FRADM.TTF"
"Franklin Gothic Demi Cond (TrueType)"="FRADMCN.TTF"
"Franklin Gothic Heavy (TrueType)"="FRAHV.TTF"
"Franklin Gothic Medium Cond (TrueType)"="FRAMDCN.TTF"
"Freestyle Script (TrueType)"="FREESCPT.TTF"
"French Script MT (TrueType)"="FRSCRIPT.TTF"
"Garamond (TrueType)"="GARA.TTF"
"Gigi (TrueType)"="GIGI.TTF"
"Gill Sans MT Ext Condensed Bold (TrueType)"="GLSNECB.TTF"
"Gill Sans MT (TrueType)"="GIL_____.TTF"
"Gill Sans MT Condensed (TrueType)"="GILC____.TTF"
"Gill Sans Ultra Bold (TrueType)"="GILSANUB.TTF"
"Gill Sans Ultra Bold Condensed (TrueType)"="GILLUBCD.TTF"
"Gloucester MT Extra Condensed (TrueType)"="GLECB.TTF"
"Goudy Old Style (TrueType)"="GOUDOS.TTF"
"Goudy Stout (TrueType)"="GOUDYSTO.TTF"
"Haettenschweiler (TrueType)"="HATTEN.TTF"
"Harlow Solid Italic (TrueType)"="HARLOWSI.TTF"
"Harrington (TrueType)"="HARNGTON.TTF"
"High Tower Text (TrueType)"="HTOWERT.TTF"
"Imprint MT Shadow (TrueType)"="IMPRISHA.TTF"
"Jokerman (TrueType)"="JOKERMAN.TTF"
"Juice ITC (TrueType)"="JUICE___.TTF"
"Kristen ITC (TrueType)"="ITCKRIST.TTF"
"Kunstler Script (TrueType)"="KUNSTLER.TTF"
"Lucida Bright (TrueType)"="LBRITE.TTF"
"Lucida Calligraphy Italic (TrueType)"="LCALLIG.TTF"
"Lucida Fax Regular (TrueType)"="LFAX.TTF"
"Lucida Handwriting Italic (TrueType)"="LHANDW.TTF"
"Lucida Sans Regular (TrueType)"="LSANS.TTF"
"Lucida Sans Typewriter Regular (TrueType)"="LTYPE.TTF"
"MS Outlook (TrueType)"="OUTLOOK.TTF"
"Magneto Bold (TrueType)"="MAGNETOB.TTF"
"Maiandra GD (TrueType)"="MAIAN.TTF"
"Matura MT Script Capitals (TrueType)"="MATURASC.TTF"
"Mistral (TrueType)"="MISTRAL.TTF"
"Modern No. 20 (TrueType)"="MOD20.TTF"
"Monotype Corsiva (TrueType)"="MTCORSVA.TTF"
"Niagara Engraved (TrueType)"="NIAGENG.TTF"
"Niagara Solid (TrueType)"="NIAGSOL.TTF"
"OCR A Extended (TrueType)"="OCRAEXT.TTF"
"Old English Text MT (TrueType)"="OLDENGL.TTF"
"Onyx (TrueType)"="ONYX.TTF"
"Palace Script MT (TrueType)"="PALSCRI.TTF"
"Papyrus (TrueType)"="PAPYRUS.TTF"
"Parchment (TrueType)"="PARCHM.TTF"
"Perpetua (TrueType)"="PER_____.TTF"
"Perpetua Titling MT Bold (TrueType)"="PERTIBD.TTF"
"Playbill (TrueType)"="PLAYBILL.TTF"
"Poor Richard (TrueType)"="POORICH.TTF"
"Pristina (TrueType)"="PRISTINA.TTF"
"Rage Italic (TrueType)"="RAGE.TTF"
"Ravie (TrueType)"="RAVIE.TTF"
"Rockwell (TrueType)"="ROCK.TTF"
"Rockwell Condensed (TrueType)"="ROCC____.TTF"
"Rockwell Extra Bold (TrueType)"="ROCKEB.TTF"
"Informal Roman (TrueType)"="INFROMAN.TTF"
"Script MT Bold (TrueType)"="SCRIPTBL.TTF"
"Showcard Gothic (TrueType)"="SHOWG.TTF"
"Snap ITC (TrueType)"="SNAP____.TTF"
"Stencil (TrueType)"="STENCIL.TTF"
"Tw Cen MT Bold (TrueType)"="TCB_____.TTF"
"Tw Cen MT Condensed (TrueType)"="TCCM____.TTF"
"Tw Cen MT Condensed Bold (TrueType)"="TCCB____.TTF"
"Tw Cen MT (TrueType)"="TCM_____.TTF"
"Tempus Sans ITC (TrueType)"="TEMPSITC.TTF"
"Viner Hand ITC (TrueType)"="VINERITC.TTF"
"Vivaldi Italic (TrueType)"="VIVALDII.TTF"
"Vladimir Script (TrueType)"="VLADIMIR.TTF"
"Wide Latin (TrueType)"="LATINWD.TTF"
"Wingdings 2 (TrueType)"="WINGDNG2.TTF"
"Wingdings 3 (TrueType)"="WINGDNG3.TTF"
"Agency FB (TrueType)"="AGENCYR.TTF"
"Book Antiqua Bold (TrueType)"="ANTQUAB.TTF"
"Book Antiqua Bold Italic (TrueType)"="ANTQUABI.TTF"
"Book Antiqua Italic (TrueType)"="ANTQUAI.TTF"
"Arial Black Italic (TrueType)"="ARBLI___.TTF"
"Arial Narrow Bold (TrueType)"="ARIALNB.TTF"
"Arial Narrow Bold Italic (TrueType)"="ARIALNBI.TTF"
"Arial Narrow Italic (TrueType)"="ARIALNI.TTF"
"Bell MT Bold (TrueType)"="BELLB.TTF"
"Bell MT Italic (TrueType)"="BELLI.TTF"
"Bodoni MT Bold (TrueType)"="BOD_B.TTF"
"Bodoni MT Bold Italic (TrueType)"="BOD_BI.TTF"
"Bodoni MT Black Italic (TrueType)"="BOD_BLAI.TTF"
"Bodoni MT Condensed Bold (TrueType)"="BOD_CB.TTF"
"Bodoni MT Condensed Bold Italic (TrueType)"="BOD_CBI.TTF"
"Bodoni MT Condensed Italic (TrueType)"="BOD_CI.TTF"
"Bodoni MT Italic (TrueType)"="BOD_I.TTF"
"Bookman Old Style Bold (TrueType)"="BOOKOSB.TTF"
"Bookman Old Style Bold Italic (TrueType)"="BOOKOSBI.TTF"
"Bookman Old Style Italic (TrueType)"="BOOKOSI.TTF"
"Berlin Sans FB Demi Bold (TrueType)"="BRLNSDB.TTF"
"Berlin Sans FB (TrueType)"="BRLNSR.TTF"
"Californian FB Bold (TrueType)"="CALIFB.TTF"
"Californian FB Italic (TrueType)"="CALIFI.TTF"
"Calisto MT Bold (TrueType)"="CALISTB.TTF"
"Calisto MT Bold Italic (TrueType)"="CALISTBI.TTF"
"Calisto MT Italic (TrueType)"="CALISTI.TTF"
"Elephant Italic (TrueType)"="ELEPHNTI.TTF"
"Franklin Gothic Book Italic (TrueType)"="FRABKIT.TTF"
"Franklin Gothic Demi Italic (TrueType)"="FRADMIT.TTF"
"Franklin Gothic Heavy Italic (TrueType)"="FRAHVIT.TTF"
"Garamond Bold (TrueType)"="GARABD.TTF"
"Garamond Italic (TrueType)"="GARAIT.TTF"
"Gill Sans MT Bold Italic (TrueType)"="GILBI___.TTF"
"Gill Sans MT Bold (TrueType)"="GILB____.TTF"
"Gill Sans MT Italic (TrueType)"="GILI____.TTF"
"Century Gothic Bold (TrueType)"="GOTHICB.TTF"
"Century Gothic Bold Italic (TrueType)"="GOTHICBI.TTF"
"Century Gothic Italic (TrueType)"="GOTHICI.TTF"
"Goudy Old Style Bold (TrueType)"="GOUDOSB.TTF"
"Goudy Old Style Italic (TrueType)"="GOUDOSI.TTF"
"High Tower Text Italic (TrueType)"="HTOWERTI.TTF"
"Lucida Bright Demibold (TrueType)"="LBRITED.TTF"
"Lucida Bright Demibold Italic (TrueType)"="LBRITEDI.TTF"
"Lucida Bright Italic (TrueType)"="LBRITEI.TTF"
"Lucida Fax Demibold (TrueType)"="LFAXD.TTF"
"Lucida Fax Demibold Italic (TrueType)"="LFAXDI.TTF"
"Lucida Fax Italic (TrueType)"="LFAXI.TTF"
"Lucida Sans Demibold Roman (TrueType)"="LSANSD.TTF"
"Lucida Sans Demibold Italic (TrueType)"="LSANSDI.TTF"
"Lucida Sans Italic (TrueType)"="LSANSI.TTF"
"Lucida Sans Typewriter Bold (TrueType)"="LTYPEB.TTF"
"Lucida Sans Typewriter Bold Oblique (TrueType)"="LTYPEBO.TTF"
"Lucida Sans Typewriter Oblique (TrueType)"="LTYPEO.TTF"
"Perpetua Bold Italic (TrueType)"="PERBI___.TTF"
"Perpetua Bold (TrueType)"="PERB____.TTF"
"Perpetua Italic (TrueType)"="PERI____.TTF"
"Perpetua Titling MT Light (TrueType)"="PERTILI.TTF"
"Rockwell Condensed Bold (TrueType)"="ROCCB___.TTF"
"Rockwell Bold (TrueType)"="ROCKB.TTF"
"Rockwell Bold Italic (TrueType)"="ROCKBI.TTF"
"Rockwell Italic (TrueType)"="ROCKI.TTF"
"Century Schoolbook Bold (TrueType)"="SCHLBKB.TTF"
"Century Schoolbook Bold Italic (TrueType)"="SCHLBKBI.TTF"
"Century Schoolbook Italic (TrueType)"="SCHLBKI.TTF"
"Tw Cen MT Bold Italic (TrueType)"="TCBI____.TTF"
"Tw Cen MT Condensed Extra Bold (TrueType)"="TCCEB.TTF"
"Tw Cen MT Italic (TrueType)"="TCMI____.TTF"
"MapSymbols (TrueType)"="C:\\Program Files\\Common Files\\Microsoft Shared\\Datamap\\MAPSYM.TTF"
"Kartika (TrueType)"="Kartika.ttf"
"Vrinda (TrueType)"="Vrinda.ttf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]
"Arial CE,238"="Arial,238"
"Arial CYR,204"="Arial,204"
"Arial Greek,161"="Arial,161"
"Arial TUR,162"="Arial,162"
"Courier New CE,238"="Courier New,238"
"Courier New CYR,204"="Courier New,204"
"Courier New Greek,161"="Courier New,161"
"Courier New TUR,162"="Courier New,162"
"Helv"="MS Sans Serif"
"Helvetica"="Arial"
"MS Shell Dlg 2"="Tahoma"
"Times"="Times New Roman"
"Times New Roman CE,238"="Times New Roman,238"
"Times New Roman CYR,204"="Times New Roman,204"
"Times New Roman Greek,161"="Times New Roman,161"
"Times New Roman TUR,162"="Times New Roman,162"
"Tms Rmn"="MS Serif"
"Arial Baltic,186"="Arial,186"
"Courier New Baltic,186"="Courier New,186"
"Times New Roman Baltic,186"="Times New Roman,186"
"MS Shell Dlg"="Microsoft Sans Serif"

seven text...

Bravura
2006-11-08, 02:47
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize]
"FIXEDFON.FON"="vgafix.fon"
"FONTS.FON"="vgasys.fon"
"OEMFONT.FON"="vgaoem.fon"
"DisableRemoteFontBootCache"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB873339]
"Installed"=dword:00000001
"Comments"="Windows XP Hotfix - KB873339"
"Backup Dir"=""
"Fix Description"="Windows XP Hotfix - KB873339"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB873339\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885835]
"Installed"=dword:00000001
"Comments"="Windows XP Hotfix - KB885835"
"Backup Dir"=""
"Fix Description"="Windows XP Hotfix - KB885835"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885835\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885836]
"Installed"=dword:00000001
"Comments"="Windows XP Hotfix - KB885836"
"Backup Dir"=""
"Fix Description"="Windows XP Hotfix - KB885836"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885836\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885884]
"Installed"=dword:00000001
"Comments"="Windows XP Hotfix - KB885884"
"Backup Dir"=""
"Fix Description"="Windows XP Hotfix - KB885884"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885884\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB886185]
"Installed"=dword:00000001
"Comments"="Windows XP Hotfix - KB886185"
"Backup Dir"=""
"Fix Description"="Windows XP Hotfix - KB886185"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB886185\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB888113]
"Installed"=dword:00000001
"Comments"="Windows XP Hotfix - KB888113"
"Backup Dir"=""
"Fix Description"="Windows XP Hotfix - KB888113"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB888113\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB888302]
"Installed"=dword:00000001
"Comments"="Windows XP Hotfix - KB888302"
"Backup Dir"=""
"Fix Description"="Windows XP Hotfix - KB888302"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB888302\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB890046]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB890046)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB890046)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB890046\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB890859]
"Installed"=dword:00000001
"Comments"="Windows XP Hotfix - KB890859"
"Backup Dir"=""
"Fix Description"="Windows XP Hotfix - KB890859"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB890859\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB891122]
"Installed"=dword:00000001
"Comments"="Windows Media Format SDK Hotfix - KB891122"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB891781]
"Installed"=dword:00000001
"Comments"="Windows XP Hotfix - KB891781"
"Backup Dir"=""
"Fix Description"="Windows XP Hotfix - KB891781"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB891781\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB893756]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB893756)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB893756)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB893756\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB893803v2]
"Installed"=dword:00000001
"Comments"="Windows Installer 3.1"
"Backup Dir"=""
"Fix Description"="Windows Installer 3.1"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB893803v2\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB894391]
"Installed"=dword:00000001
"Comments"="Update for Windows XP (KB894391)"
"Backup Dir"=""
"Fix Description"="Update for Windows XP (KB894391)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB894391\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896344]
"Installed"=dword:00000001
"Comments"="Hotfix for Windows XP (KB896344)"
"Backup Dir"=""
"Fix Description"="Hotfix for Windows XP (KB896344)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896344\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896358]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB896358)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB896358)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896358\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896423]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB896423)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB896423)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896423\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896424]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB896424)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB896424)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896424\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896428]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB896428)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB896428)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896428\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB898461]
"Installed"=dword:00000001
"Comments"="Update for Windows XP (KB898461)"
"Backup Dir"=""
"Fix Description"="Update for Windows XP (KB898461)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB898461\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB899587]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB899587)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB899587)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB899587\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB899589]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB899589)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB899589)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB899589\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB899591]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB899591)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB899591)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB899591\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB900485]
"Installed"=dword:00000001
"Comments"="Update for Windows XP (KB900485)"
"Backup Dir"=""
"Fix Description"="Update for Windows XP (KB900485)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB900485\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB900725]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB900725)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB900725)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB900725\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB901017]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB901017)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB901017)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB901017\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB901190]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB901190)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB901190)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB901190\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB901214]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB901214)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB901214)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB901214\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB902344]
"Installed"=dword:00000001
"Comments"="Hotfix for Windows Media Format SDK (KB902344)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB902400]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB902400)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB902400)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB902400\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB904706]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB904706)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB904706)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB904706\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB904942]
"Installed"=dword:00000001
"Comments"="Update for Windows XP (KB904942)"
"Backup Dir"=""
"Fix Description"="Update for Windows XP (KB904942)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB904942\File 1]
"Flags"=""
"New File"=""
"New Link Date"=""
"Old Link Date"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB905414]
"Installed"=dword:00000001
"Comments"="Security Update for Windows XP (KB905414)"
"Backup Dir"=""
"Fix Description"="Security Update for Windows XP (KB905414)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000003
"Valid"=dword:00000001

seven text...

Bravura
2006-11-08, 02:51
arg.. is it possible to just host this file?

Rawe
2006-11-08, 21:05
arg.. is it possible to just host this file?
Actually Mosaic said it seems you did something wrong, since this notify.txt shouldn't be so long. It also seems to list registry entries that it shouldn't. Try the command again and see if there is any difference.

Looks like this would be the best way. Go to Start -> Run and copy/paste the following command straight into it and click OK:


cmd /c Regedit /e /a notify.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" & Start notepad notify.txt :)
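
As an added example (not code from this thread, from HijackThis or from L2MFix), here is a small Python triage script for the kind of export Rawe's command produces. winlogon.exe loads the DLL named by the DllName value of each subkey under Winlogon\Notify at logon, so the questions to ask of the export are: which DLL does each subkey load, is it one we expect, and are there subkeys that load nothing. The parser handles both flavours regedit writes: the REGEDIT4 format produced with /a, where hex(2) bytes are 8-bit ANSI, and the "Windows Registry Editor Version 5.00" format produced without /a, where hex(2) bytes are UTF-16LE. The sample inputs are constructed and trimmed, the allowlist of known-good DLL names is an assumption for an XP SP2 machine with Intel graphics and WGA installed, and cp1252 is assumed as the ANSI code page.

```python
"""Triage a regedit export of HKLM\\...\\Winlogon\\Notify (added example, not from the thread)."""
import re

NOTIFY_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumption: DLLs expected under Notify on an XP SP2 box with Intel graphics and WGA.
KNOWN_NOTIFY_DLLS = {
    "igfxsrvc.dll", "wlnotify.dll", "wgalogon.dll", "crypt32.dll", "cryptnet.dll",
    "cscdll.dll", "sclgntfy.dll", "schedsvc.dll", "termsrv.dll", "wzcdlg.dll",
}

# Constructed sample in REGEDIT4 (regedit /e /a) format, trimmed, modelled on the thread's export.
SAMPLE_REGEDIT4 = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"DllName"=hex(2):57,67,61,4c,6f,67,6f,6e,2e,64,6c,6c,00
"Event"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,\
  01,15,d1,11
'''

# Constructed sample in the Unicode "Version 5.00" format: same DllName, UTF-16LE bytes.
SAMPLE_V5 = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00
'''


def _join_continuations(text):
    """regedit wraps long hex values with a trailing backslash; glue those lines back together."""
    return re.sub(r",\\\r?\n\s*", ",", text)


def _decode_hex(kind, payload, unicode_export):
    """hex(1)/hex(2) are REG_SZ/REG_EXPAND_SZ strings; plain hex is REG_BINARY and stays bytes."""
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    if kind in ("hex(1)", "hex(2)"):
        enc = "utf-16-le" if unicode_export else "cp1252"  # cp1252 assumed as the ANSI code page
        return raw.decode(enc).rstrip("\x00")
    return raw


def parse_reg_export(text):
    """Return {subkey_relative_to_Notify: {value_name: value}} for every key under Notify."""
    unicode_export = text.lstrip().startswith("Windows Registry Editor Version 5.00")
    keys, current = {}, None
    for line in _join_continuations(text).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            path = key.group(1)
            if path.lower().startswith(NOTIFY_ROOT.lower() + "\\"):
                current = path[len(NOTIFY_ROOT) + 1:]
                keys.setdefault(current, {})
            else:
                current = None  # the Notify root itself or an unrelated key
            continue
        val = re.fullmatch(r'(?:"((?:[^"\\]|\\.)*)"|@)=(.*)', line)
        if current is None or not val:
            continue
        name = val.group(1) if val.group(1) is not None else "@"
        data = val.group(2)
        if data.startswith('"') and data.endswith('"'):
            value = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        elif data.startswith("dword:"):
            value = int(data[6:], 16)
        elif data.startswith("hex"):
            kind, _, payload = data.partition(":")
            value = _decode_hex(kind, payload, unicode_export)
        else:
            value = data
        keys[current][name] = value
    return keys


def triage_notify(keys):
    """Return (subkey, finding) pairs: empty subkeys, explicit paths, and DLLs outside the allowlist."""
    findings = []
    for name, values in keys.items():
        if "\\" in name:
            continue  # nested keys (e.g. WgaLogon\Settings) hold a package's own data, not a DllName
        dll = next((v for k, v in values.items() if k.lower() == "dllname"), None)
        if dll is None:
            findings.append((name, "no DllName value: winlogon loads nothing from it, but an empty Notify subkey is worth explaining"))
            continue
        if not isinstance(dll, str):
            findings.append((name, "DllName is not a string value"))
            continue
        if "\\" in dll:
            findings.append((name, f"DllName is an explicit path: {dll}"))
        if dll.rsplit("\\", 1)[-1].lower() not in KNOWN_NOTIFY_DLLS:
            findings.append((name, f"DllName {dll} is not in the baseline allowlist"))
    return findings


if __name__ == "__main__":
    for subkey, why in triage_notify(parse_reg_export(SAMPLE_REGEDIT4)):
        print(f"{subkey}: {why}")
```

Run against the exported notify.txt instead of the embedded sample by reading the file in the encoding regedit used (cp1252 for a /a export, utf-16 otherwise). An allowlisted name only tells you which name winlogon asks the loader for, not which file actually satisfied it, so the follow-up is to confirm the DLL in System32 by hash or signature rather than trusting the name.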

Bravura
2006-11-10, 02:06
All right, there we go :)


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"Asynchronous"=dword:00000001
"DLLName"="WlNotify.dll"
"Impersonate"=dword:00000001
"Lock"="SensLockEvent"
"Logoff"="SensLogoffEvent"
"Logon"="SensLogonEvent"
"MaxWait"=dword:00000258
"Safe"=dword:00000001
"Shutdown"="SensShutdownEvent"
"StartScreenSaver"="SensStartScreenSaverEvent"
"StartShell"="SensStartShellEvent"
"Startup"="SensStartupEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Unlock"="SensUnlockEvent"
"Disconnect"="SensDisconnectEvent"
"PostShell"="SensPostShellEvent"
"Reconnect"="SensReconnectEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,67,61,4c,6f,67,6f,6e,2e,64,6c,6c,00
"Event"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,92,48,46,5e,59,9b,18,46,a0,1a,98,f7,1e,34,35,4e,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,ec,1e,94,b9,81,b9,4d,2f,\
c0,f8,2e,94,55,26,7c,f6,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,68,\
d7,d1,55,0b,c0,03,a5,bb,ab,3e,fa,36,e3,f0,ec,b0,01,00,00,50,95,d7,e4,1e,41,\
e5,7a,a1,90,93,ac,69,33,ae,04,af,5d,b3,8b,94,f6,00,db,52,3d,49,76,99,f4,c3,\
41,fb,78,fe,db,6a,e3,b1,56,25,9f,10,dc,72,2b,ca,e0,b1,fb,99,e2,fb,30,a9,d5,\
ba,c6,40,06,37,c1,12,22,eb,13,66,60,fe,82,61,96,de,2a,8c,1a,8c,24,6c,6f,9a,\
75,4c,63,1e,80,9d,27,27,df,fd,17,e1,ce,e6,01,a8,75,e6,cb,c6,c8,ac,9b,c2,e2,\
41,07,79,8a,bd,52,7e,24,7d,7f,26,87,b3,eb,e8,bc,5a,fa,6b,1d,14,f4,5b,a7,d1,\
b1,80,82,a6,bb,a1,db,8a,97,89,38,c6,02,3c,fc,20,c9,5c,b9,b8,4e,a8,8e,14,a7,\
64,30,4f,0b,1c,1d,37,18,e8,8e,8b,a8,88,f3,89,c7,3a,2a,87,a6,38,2a,c3,3d,b4,\
59,fa,ba,b2,f2,22,57,60,02,42,c3,e3,a5,c9,b2,77,b5,de,3c,75,b3,75,44,f4,e6,\
b7,e7,5b,96,26,c3,b0,41,22,29,56,e6,77,75,8a,cb,7d,11,c7,58,9e,bf,f9,a3,6d,\
87,b9,67,bf,ef,81,3f,38,fa,ff,77,7b,6a,c1,89,7e,6e,98,e9,70,15,ed,fd,d4,fd,\
f8,7c,fb,6d,ee,59,14,cc,26,13,ed,3e,c7,5b,28,23,31,c3,5f,b4,fd,41,6f,a3,ec,\
9a,c9,f9,2a,9e,01,d9,53,ad,51,69,05,77,b6,35,36,f1,54,bb,07,68,24,ab,df,41,\
ac,cf,7c,e9,24,eb,18,d5,3e,89,65,fc,63,76,84,c8,c9,3c,fe,23,88,d6,85,8d,53,\
8b,2a,6f,68,f3,cb,a7,f8,05,b0,a7,de,3f,75,35,f0,f0,89,54,6b,ff,e1,fb,95,ba,\
29,b6,f8,7b,04,e6,3b,38,27,29,46,97,75,1e,bf,19,f1,03,95,18,8c,7d,f9,c1,ea,\
c8,d7,5e,4d,28,9a,54,49,99,9f,9e,d2,de,e4,d9,14,da,eb,97,ac,80,e0,d2,3a,3f,\
bc,99,9b,0e,99,a2,cf,17,bb,67,3d,4c,4c,a3,4c,d2,6d,2c,f8,5d,e6,8b,28,0b,df,\
64,14,00,00,00,84,17,0f,7d,35,99,e8,cf,d1,d7,e4,72,30,37,1f,a9,91,87,79,45

Rawe
2006-11-10, 16:19
Ok and something else popped up, we can get some more info from this log :)

Please download the L2MFix by Shadowwar (http://www.downloads.subratam.org/l2mfix.exe):

Save it to your desktop.
Double-click l2mfix.exe
Click the Install - button to extract the files.
Follow the prompts, then please open the newly added l2mfix folder on your desktop.
Double-click the l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

Copy the contents of that log and paste it into your next reply.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until I ask you to!

Note: if you receive any error messages for CMD or Autoexec.bat, select option 5 from the l2mfix menu and, once at the site, click on the link that applies to your operating system.

Double-click the file it downloads and extract the files to its predetermined System32 folder.

tashi
2006-11-19, 03:29
Bravura, how is it going?

Bravura
2006-11-19, 22:44
I apologize for the [extremely] slow reply. ><


L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"Asynchronous"=dword:00000001
"DLLName"="WlNotify.dll"
"Impersonate"=dword:00000001
"Lock"="SensLockEvent"
"Logoff"="SensLogoffEvent"
"Logon"="SensLogonEvent"
"MaxWait"=dword:00000258
"Safe"=dword:00000001
"Shutdown"="SensShutdownEvent"
"StartScreenSaver"="SensStartScreenSaverEvent"
"StartShell"="SensStartShellEvent"
"Startup"="SensStartupEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Unlock"="SensUnlockEvent"
"Disconnect"="SensDisconnectEvent"
"PostShell"="SensPostShellEvent"
"Reconnect"="SensReconnectEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,92,48,46,5e,59,9b,18,46,a0,1a,98,f7,1e,34,35,4e,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,dc,a1,d5,91,9e,08,d0,e8,\
8c,3e,63,f2,ea,6b,61,fd,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,69,\
80,ae,a1,9f,e8,35,8b,ed,7c,76,2d,fb,50,b4,34,b0,01,00,00,af,f6,b1,6e,d1,b7,\
48,66,2e,13,f9,4d,32,68,12,5b,44,55,35,75,b1,65,8c,8e,4c,44,85,59,ac,8a,7d,\
82,88,58,f5,31,8f,2c,da,f6,5e,8c,41,34,68,c0,3b,ec,97,d5,96,21,51,d4,a9,97,\
05,69,85,f7,62,67,77,fc,30,66,69,fe,86,74,a8,e9,83,2f,b8,45,59,c0,c9,7a,86,\
f8,d2,97,30,1f,98,75,07,f7,b0,ac,1d,2b,aa,00,ab,21,9a,41,cf,79,7c,6a,e3,fb,\
50,65,cb,0d,34,bf,c8,74,54,c0,ad,f3,11,a2,1f,46,db,04,69,d5,8a,3f,02,90,99,\
8b,21,5f,10,67,49,0e,3e,5b,a3,3f,7f,67,c3,c1,65,9f,55,63,e2,4f,c4,7d,32,48,\
3a,2e,19,64,94,e8,67,ce,39,21,54,fc,dd,d1,9a,9c,4b,ba,b1,bb,63,17,80,bd,70,\
14,0b,57,ea,b8,84,66,e6,3c,e6,f2,00,ad,54,fe,ee,7a,5e,0d,65,3c,41,29,f4,78,\
71,29,d6,87,42,07,f5,1d,63,a0,78,86,ff,70,04,d0,b5,d6,03,7b,95,e8,a9,4d,73,\
15,16,a5,e6,63,fb,db,e1,c2,93,dc,98,be,4d,7b,63,ab,ff,a7,9a,d1,2f,d0,2a,16,\
49,a5,5a,fe,64,29,f5,fa,18,0a,41,c7,0f,fe,b0,39,0a,1f,74,12,dd,5f,0c,c3,0a,\
d0,f2,59,64,09,2c,8f,57,b7,49,cb,6a,01,b1,68,7c,a2,d8,62,37,85,a6,c6,f7,61,\
4d,e4,57,88,86,28,84,e2,27,a0,19,eb,22,a0,5b,77,c2,46,52,d4,82,a2,68,12,1b,\
f8,1d,d7,22,b7,7e,8c,eb,9b,f1,f1,ea,84,54,c0,22,f7,89,12,9c,31,aa,83,ff,c6,\
9a,2f,12,11,00,d0,36,e8,11,a6,c2,e3,b1,06,0a,85,23,08,ec,6b,10,54,21,68,6f,\
ad,4d,95,41,5b,42,f2,1a,30,be,e2,82,a7,9e,8a,83,4a,5f,d2,0a,e6,19,90,2d,78,\
44,9d,1c,57,f5,42,12,07,58,97,89,a4,16,01,47,31,a2,11,b1,39,00,90,ce,6b,dd,\
d1,14,00,00,00,b4,0d,3c,94,e6,2f,f1,27,17,48,a1,d3,04,cb,c9,bb,a4,14,d6,dd

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A66C62B7-45D9-3B61-1C25-1CC3E829DE88}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{8e9d6600-f84a-11ce-8daa-00aa004a5691}"="Shell extensions for NetWare"
"{e3f2bac0-099f-11cf-8daa-00aa004a5691}"="Shell extensions for NetWare"
"{52c68510-09a0-11cf-8daa-00aa004a5691}"="Shell extensions for NetWare"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{2F5AC606-70CF-461C-BFE1-6063670C3484}"="Display CPL Extension"
"{6DA42C88-56FE-43FF-9F9D-7B47527E47D5}"=""
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"
"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"
"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"
"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"
"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"


(Have to give this in 2 sections)

Bravura
2006-11-19, 22:45
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
admparse.dll Fri Oct 27 2006 2:44:26a A.... 71,680 70.00 K
advpack.dll Fri Oct 27 2006 2:44:06a A.... 123,904 121.00 K
browseui.dll Sat Sep 23 2006 1:12:50p A.... 1,022,976 999.00 K
comctl32.dll Fri Aug 25 2006 10:45:58a A.... 617,472 603.00 K
corpol.dll Tue Oct 17 2006 1:03:56p A.... 17,408 17.00 K
divx.dll Mon Oct 2 2006 2:04:40p A.... 635,486 620.59 K
divx_x~1.dll Mon Oct 2 2006 2:04:42p A.... 806,912 788.00 K
divx_x~2.dll Mon Oct 2 2006 2:04:42p A.... 806,912 788.00 K
divx_x~3.dll Mon Oct 2 2006 2:04:42p A.... 790,528 772.00 K
dxtmsft.dll Tue Oct 17 2006 12:58:06p A.... 346,624 338.50 K
dxtrans.dll Tue Oct 17 2006 12:57:50p A.... 214,528 209.50 K
extmgr.dll Fri Oct 27 2006 3:09:58p A.... 131,584 128.50 K
fltlib.dll Mon Aug 21 2006 7:21:06a A.... 16,896 16.50 K
gearaspi.dll Tue Sep 19 2006 3:43:58p A.... 109,360 106.80 K
icardie.dll Tue Oct 17 2006 12:58:20p ..... 61,952 60.50 K
ieakeng.dll Fri Oct 27 2006 2:44:36a A.... 152,064 148.50 K
ieaksie.dll Fri Oct 27 2006 2:44:42a A.... 229,376 224.00 K
ieakui.dll Fri Oct 27 2006 2:42:54a A.... 161,792 158.00 K
ieapfltr.dll Tue Oct 17 2006 12:27:56p ..... 380,928 372.00 K
iedkcs32.dll Fri Oct 27 2006 2:44:46a A.... 382,976 374.00 K
ieencode.dll Tue Oct 17 2006 1:06:00p A.... 78,336 76.50 K
ieframe.dll Fri Oct 27 2006 3:09:58p ..... 6,049,280 5.77 M
iepeers.dll Fri Oct 27 2006 3:09:58p A.... 191,488 187.00 K
iernonce.dll Fri Oct 27 2006 2:44:08a A.... 43,008 42.00 K
iertutil.dll Tue Oct 17 2006 12:57:20p ..... 266,752 260.50 K
iesetup.dll Fri Oct 27 2006 2:44:26a A.... 55,296 54.00 K
ieui.dll Fri Oct 27 2006 3:09:58p ..... 180,736 176.50 K
imgutil.dll Tue Oct 17 2006 12:57:58p A.... 36,352 35.50 K
inseng.dll Fri Oct 27 2006 2:44:08a A.... 92,672 90.50 K
jscript.dll Tue Oct 17 2006 1:00:00p A.... 491,520 480.00 K
jsproxy.dll Fri Oct 27 2006 3:09:58p A.... 27,136 26.50 K
licmgr10.dll Tue Oct 17 2006 1:05:10p A.... 40,960 40.00 K
msfeeds.dll Fri Oct 27 2006 3:09:58p ..... 458,752 448.00 K
msfeed~1.dll Fri Oct 27 2006 3:09:58p ..... 50,688 49.50 K
mshtml.dll Fri Oct 27 2006 3:09:58p A.... 3,577,856 3.41 M
mshtmled.dll Fri Oct 27 2006 3:09:58p A.... 475,648 464.50 K
mshtmler.dll Tue Oct 17 2006 12:28:56p A.... 48,128 47.00 K
msls31.dll Fri Oct 27 2006 3:09:58p A.... 156,160 152.50 K
msrating.dll Tue Oct 17 2006 1:05:10p A.... 192,000 187.50 K
mstime.dll Fri Oct 27 2006 3:09:58p A.... 670,720 655.00 K
msxml3.dll Wed Sep 13 2006 12:01:56a A.... 1,084,416 1.03 M
nwapi32.dll Fri Oct 13 2006 7:35:12a A.... 64,000 62.50 K
nwprovau.dll Fri Oct 13 2006 7:35:12a A.... 142,336 139.00 K
nwwks.dll Fri Oct 13 2006 7:35:12a A.... 65,536 64.00 K
occache.dll Tue Oct 17 2006 1:04:46p A.... 101,376 99.00 K
p2p.dll Wed Oct 11 2006 11:36:00a A.... 153,088 149.50 K
p2pgasvc.dll Wed Oct 11 2006 11:36:00a A.... 104,960 102.50 K
p2pgraph.dll Wed Oct 11 2006 11:36:00a A.... 313,344 306.00 K
p2pnetsh.dll Wed Oct 11 2006 11:36:00a A.... 115,712 113.00 K
p2psvc.dll Wed Oct 11 2006 11:36:00a A.... 553,984 541.00 K
pncrt.dll Sun Nov 5 2006 5:02:10p A.... 278,528 272.00 K
pndx5016.dll Sun Nov 5 2006 5:02:22p A.... 6,656 6.50 K
pndx5032.dll Sun Nov 5 2006 5:02:22p A.... 5,632 5.50 K
pngfilt.dll Tue Oct 17 2006 12:58:08p A.... 44,544 43.50 K
pnrpnsp.dll Wed Oct 11 2006 11:36:00a A.... 58,880 57.50 K
rmoc3260.dll Sun Nov 5 2006 5:02:42p A.... 185,952 181.59 K
shdocvw.dll Mon Sep 4 2006 1:12:56a A.... 1,497,088 1.43 M
shlwapi.dll Sat Sep 23 2006 1:12:50p A.... 474,112 463.00 K
url.dll Tue Oct 17 2006 1:05:22p A.... 105,984 103.50 K
urlmon.dll Fri Oct 27 2006 3:09:58p A.... 1,162,240 1.11 M
vbscript.dll Fri Oct 27 2006 3:09:58p A.... 413,696 404.00 K
webcheck.dll Fri Oct 27 2006 3:09:58p A.... 231,424 226.00 K
wgalogon.dll Wed Sep 20 2006 5:35:46p ..... 441,136 430.80 K
wininet.dll Fri Oct 27 2006 3:09:58p A.... 818,688 799.50 K
xpsp3res.dll Mon Oct 16 2006 5:29:16a A.... 248,320 242.50 K

65 items found: 65 files, 0 directories.
Total of file sizes: 28,936,478 bytes 27.59 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
ren1b.tmp Tue Oct 17 2006 7:48:10p A.... 0 0.00 K
ren1c.tmp Tue Oct 17 2006 7:48:10p A.... 0 0.00 K
ren1d.tmp Tue Oct 17 2006 7:48:10p A.... 0 0.00 K

3 items found: 3 files, 0 directories.
Total of file sizes: 0 bytes 0.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 4C44-A0C5

Directory of C:\WINDOWS\System32

19/11/2006 04:33 PM <DIR> dllcache
07/08/2006 04:17 PM <DIR> Microsoft
0 File(s) 0 bytes
2 Dir(s) 53,388,374,016 bytes free

seven text...

LonnyRJones
2006-12-06, 12:11
Sorry for the delay Bravura
Open the l2mfix\regfixes folder, double-click winlogondefaults.reg and answer yes to the prompt.
Now run l2mfix.bat again, choose option 1 and post its log; I only need to see this section: "Winlogon/notify:"

Run avg antirootkit again and if any items are found save the log and post it.

Bravura
2006-12-08, 21:19
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"Asynchronous"=dword:00000001
"DLLName"="WlNotify.dll"
"Impersonate"=dword:00000001
"Lock"="SensLockEvent"
"Logoff"="SensLogoffEvent"
"Logon"="SensLogonEvent"
"MaxWait"=dword:00000258
"Safe"=dword:00000001
"Shutdown"="SensShutdownEvent"
"StartScreenSaver"="SensStartScreenSaverEvent"
"StartShell"="SensStartShellEvent"
"Startup"="SensStartupEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Unlock"="SensUnlockEvent"
"Disconnect"="SensDisconnectEvent"
"PostShell"="SensPostShellEvent"
"Reconnect"="SensReconnectEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,92,48,46,5e,59,9b,18,46,a0,1a,98,f7,1e,34,35,4e,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,b6,ff,d7,97,c6,2e,d1,6c,\
fd,d9,ca,b3,6e,b2,a9,a9,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,7c,\
44,a5,05,40,4b,00,18,41,d0,d6,af,a2,92,8f,e5,b0,01,00,00,06,7d,5a,fd,aa,e3,\
15,59,10,0d,9f,75,e4,eb,a4,4b,14,f5,44,79,1e,82,c9,03,b2,30,62,b7,1a,b3,55,\
13,be,d8,12,4f,4a,54,92,63,7b,a9,39,00,29,0c,a9,26,e4,f5,d7,9d,90,3a,21,07,\
87,3b,4c,d6,4b,04,6b,8a,3c,24,c2,64,9d,fb,04,88,07,db,ca,aa,ae,15,a5,a7,96,\
24,df,60,49,78,12,a1,98,40,e3,6a,b2,9e,3b,c0,97,2a,d5,17,aa,e0,fe,d7,dd,86,\
b6,e2,2f,8e,89,d8,da,80,3f,cb,bf,80,21,62,32,98,9e,89,57,f3,4f,fb,80,d4,01,\
f3,79,e4,5c,47,15,8c,61,18,40,7c,9d,36,96,e4,63,9e,bc,c7,ca,9c,76,dd,c9,5b,\
98,14,b3,67,6f,a1,1e,76,41,69,32,f8,3e,0d,ff,7b,fb,5b,30,c6,58,d0,75,38,81,\
c7,81,7b,10,c6,9e,52,90,19,dc,80,f1,71,ad,da,f9,a0,de,6a,a9,fe,7c,20,49,1d,\
08,3c,e3,11,77,e1,aa,b6,35,7d,1f,3d,06,2c,c5,42,dc,b6,0f,b1,ba,4d,e3,5e,a6,\
bd,22,dc,2c,47,bb,a4,eb,db,eb,61,9e,bf,e1,bc,04,b6,4d,06,b7,3a,1e,77,65,63,\
31,b5,c2,6b,ae,15,2d,35,f5,78,63,b8,3e,02,7f,d9,f6,b9,e1,3d,10,be,b1,4e,5d,\
3b,0c,f6,be,a4,d0,bd,26,a9,60,0b,7b,95,25,37,e3,55,b4,70,36,4c,d5,ff,60,1e,\
a4,9e,93,18,41,06,34,ca,8c,46,06,79,ea,fb,be,da,bc,57,bc,79,8d,76,2a,e8,ae,\
b5,22,52,dd,3a,7c,a5,7c,59,56,b1,46,d3,8b,30,59,1b,63,ee,fc,95,a7,2c,36,85,\
29,7f,0a,44,49,9a,fe,a4,dd,aa,cf,d0,25,fd,07,86,5a,e7,8d,48,af,7c,b5,6f,44,\
6c,0c,e4,83,d9,be,76,58,e7,ad,39,b6,6f,69,fe,7e,e8,01,1d,c5,60,5e,56,52,9b,\
3f,4e,36,57,d2,73,d1,47,7a,bf,a6,0f,97,aa,33,1f,2c,2e,a6,00,89,62,78,57,a9,\
e9,14,00,00,00,0f,9b,da,ea,43,1f,4d,cb,d2,c3,5c,39,e5,8f,b7,5e,24,6d,70,c0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

AVG found no rootkits.

LonnyRJones
2006-12-08, 22:05
This incomplete one belongs to Panda:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

Try starting its uninstaller and see if there is an option to repair; if not, then uninstall the program, reboot the PC and install it again.

Bravura
2006-12-09, 05:20
It's not installed for me to uninstall it. There's a folder in Program Files > Common Files, entitled Panda Software; however, when I try to delete it or end its process I get an "access denied" pop-up.


http://i16.tinypic.com/2jds8r7.jpg

LonnyRJones
2006-12-09, 08:49
Are you logged into the same account as when it was installed ?

Please don't be deleting or ending its processes/files.

If you cannot uninstall it simply download and install again.

LonnyRJones
2006-12-18, 07:03
I'm assuming you got Panda to repair or reinstalled.

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month.

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

Bravura
2006-12-20, 03:35
I thought I replied... guess it didn't go through or something.

Anyways, I fixed the Panda problem and thank you very much for your help!

LonnyRJones
2006-12-21, 01:27
Good :)

I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here, as they should start a new topic.
If you should need to post another log for the same PC let one of us know via a PM (personal message).