Malware and other issues...
- Thread starter ghotiacre
- Start date
I ran a new find.bat, and here's the current results... I don't see vbscript.dll anywhere...
D:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
D:\WINDOWS\ServicePackFiles\i386\vbscript.dll
D:\WINDOWS\system32\vbscript.dll
D:\WINDOWS\system32\dllcache\vbscript.dll
D:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
D:\WINDOWS\$NtServicePackUninstall$\jscript.dll
D:\WINDOWS\$NtUninstallKB917344$\jscript.dll
D:\WINDOWS\ServicePackFiles\i386\jscript.dll
D:\WINDOWS\system32\jscript.dll
D:\WINDOWS\system32\dllcache\jscript.dll
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language Encoding"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript.Encode"
D:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
D:\WINDOWS\ServicePackFiles\i386\vbscript.dll
D:\WINDOWS\system32\vbscript.dll
D:\WINDOWS\system32\dllcache\vbscript.dll
D:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
D:\WINDOWS\$NtServicePackUninstall$\jscript.dll
D:\WINDOWS\$NtUninstallKB917344$\jscript.dll
D:\WINDOWS\ServicePackFiles\i386\jscript.dll
D:\WINDOWS\SoftwareDistribution\Download\a39d7c907193cb74dabeac9b04866368\sp2gdr\jscript.dll
D:\WINDOWS\system32\jscript.dll
D:\WINDOWS\system32\dllcache\jscript.dll
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language Authoring"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{0AEE2A92-BCBB-11D0-8C72-00C04FC2B085}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript Author"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language Encoding"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript.Encode"
D:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
D:\WINDOWS\ServicePackFiles\i386\vbscript.dll
D:\WINDOWS\system32\vbscript.dll
D:\WINDOWS\system32\dllcache\vbscript.dll
D:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
D:\WINDOWS\$NtServicePackUninstall$\jscript.dll
D:\WINDOWS\$NtUninstallKB917344$\jscript.dll
D:\WINDOWS\ServicePackFiles\i386\jscript.dll
D:\WINDOWS\system32\jscript.dll
D:\WINDOWS\system32\dllcache\jscript.dll
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language Encoding"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript.Encode"
D:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
D:\WINDOWS\ServicePackFiles\i386\vbscript.dll
D:\WINDOWS\system32\vbscript.dll
D:\WINDOWS\system32\dllcache\vbscript.dll
D:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
D:\WINDOWS\$NtServicePackUninstall$\jscript.dll
D:\WINDOWS\$NtUninstallKB917344$\jscript.dll
D:\WINDOWS\ServicePackFiles\i386\jscript.dll
D:\WINDOWS\SoftwareDistribution\Download\a39d7c907193cb74dabeac9b04866368\sp2gdr\jscript.dll
D:\WINDOWS\system32\jscript.dll
D:\WINDOWS\system32\dllcache\jscript.dll
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language Authoring"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{0AEE2A92-BCBB-11D0-8C72-00C04FC2B085}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript Author"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}]
@="JScript Language Encoding"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\Implemented Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
@="D:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\OLEScript]
[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\ProgID]
@="JScript.Encode"
Microsoft addressed the ActiveX problems by having users download from this URL.
http://windowsxp.mvps.org/reg/olereg.vbs
But, when I try to load up the reg change, I an error stating:
"Can't find script engine "VBScript" for script "D:\Documents and Settings\Denise\Desktop\olereg.vbs".
This furthers me to believe that the registry change fixed my jscript problems, but now my VBScript problems need to be addressed... I still can't figure out why I can't /unregister or regsvr those 2 DLL's...
Now that System Restore is back, should I do a restore?
(No more questions/posts until you reply, I promise.)
http://windowsxp.mvps.org/reg/olereg.vbs
But, when I try to load up the reg change, I an error stating:
"Can't find script engine "VBScript" for script "D:\Documents and Settings\Denise\Desktop\olereg.vbs".
This furthers me to believe that the registry change fixed my jscript problems, but now my VBScript problems need to be addressed... I still can't figure out why I can't /unregister or regsvr those 2 DLL's...
Now that System Restore is back, should I do a restore?
(No more questions/posts until you reply, I promise.)
Same problem as before... Error installing jscript.dll and vbscript.dll.
I have a system restore point that goes back to the 3rd of January, but I wonder that after fixing the .dll problems, will they return when I go to clean the PC of malware again?
What do you think I should try?
I have a system restore point that goes back to the 3rd of January, but I wonder that after fixing the .dll problems, will they return when I go to clean the PC of malware again?
What do you think I should try?
I am the bearer of bad news today...
System Restore fails to restore to the 2 restore points from the 3rd of January. There are no earlier dates as no one else that used this PC ever used it. I think I'm looking at a reformat, and I really don't want to do that to someone else's PC........
System Restore fails to restore to the 2 restore points from the 3rd of January. There are no earlier dates as no one else that used this PC ever used it. I think I'm looking at a reformat, and I really don't want to do that to someone else's PC........
Hi again 
So you want to reformat ? I'll give you instructions if you want...
Were you able to replace (earlier) both of the files jscript.dll and vbscript.dll?
Did you get an error when you tried to do it ?
Did you try to install Windows Script 5.6 ?
Please let me know :bigthumb:
So you want to reformat ? I'll give you instructions if you want...
Were you able to replace (earlier) both of the files jscript.dll and vbscript.dll?
Did you get an error when you tried to do it ?
Did you try to install Windows Script 5.6 ?
Please let me know :bigthumb:
The script 5.6 did not work, it failed to install jscript.dll and vbscript.dll.
The right click copy and overwrite from the system32 file worked and replaced them, yet it still failed to register them.
I want to avoid a reformat if at all possible. I will have to find out if the owner wants it done or not.
The right click copy and overwrite from the system32 file worked and replaced them, yet it still failed to register them.
I want to avoid a reformat if at all possible. I will have to find out if the owner wants it done or not.
Hi
Let me know what the owner wants...
Make a new folder in the C:\drive called silentrunners
Download 'silent runners" from here: (direct download)
http://www.silentrunners.org/Silent Runners.vbs
Save it to your silentrunners folder.
Click start> run> type cmd and hit enter
Type the following exactly and hit enter after each line.
cd c:\silentrunners and hit enter
"silent runners.vbs" -all and hit enter
Wait until it pops up saying its completed, then post the resulting logfile here
It will be very large. You may need several posts to include everything :bigthumb:
Let me know what the owner wants...
Make a new folder in the C:\drive called silentrunners
Download 'silent runners" from here: (direct download)
http://www.silentrunners.org/Silent Runners.vbs
Save it to your silentrunners folder.
Click start> run> type cmd and hit enter
Type the following exactly and hit enter after each line.
cd c:\silentrunners and hit enter
"silent runners.vbs" -all and hit enter
Wait until it pops up saying its completed, then post the resulting logfile here
It will be very large. You may need several posts to include everything :bigthumb:
Hi
Sorry I wasn't thinking clearly....:red:
Let's try this:
Go to Start >Run
Copy and paste this command in and press enter:
regsvr32 /u vbscript.dll
Wait for the success message.
Same for this:
regsvr32 /u jscript.dll
Then we'll re-register the files:
Use the same run box for these (one by one):
regsvr32 jscript.dll
regsvr32 vbscript.dll
Then we have a fix for the vbs too
Download
http://www.dougknox.com/xp/fileassoc/xp_vbs_file_association.zip
Unzip to a convenient place, doubleclick vbs_file_fix.reg and allow the merge.
Reboot and let me know if it helped :bigthumb:
Sorry I wasn't thinking clearly....:red:
Let's try this:
Go to Start >Run
Copy and paste this command in and press enter:
regsvr32 /u vbscript.dll
Wait for the success message.
Same for this:
regsvr32 /u jscript.dll
Then we'll re-register the files:
Use the same run box for these (one by one):
regsvr32 jscript.dll
regsvr32 vbscript.dll
Then we have a fix for the vbs too
Download
http://www.dougknox.com/xp/fileassoc/xp_vbs_file_association.zip
Unzip to a convenient place, doubleclick vbs_file_fix.reg and allow the merge.
Reboot and let me know if it helped :bigthumb:
Last edited:
I have some good news for a change. vbscript.dll is registering again. I had to go into regedit and change permissions on all bad vbscript.dll keys and subkeys as well as jscript.dll. But, jscript.dll is still not registering, and when i went to run silentrunners, it told me that:
"Silent Runners" cannot access file services critical to proper script operation. It says to make sure "Cryptographic Services" service is started. Or, to try reinstalling the latest version of the MS Windows Script Host. So, i tried to reinstall the script host, and it says successful, with the exception of jscript.dll...
"Silent Runners" cannot access file services critical to proper script operation. It says to make sure "Cryptographic Services" service is started. Or, to try reinstalling the latest version of the MS Windows Script Host. So, i tried to reinstall the script host, and it says successful, with the exception of jscript.dll...
Ok good
Let's try this other fix which is for jscript.
jscript_fix.zip
Unzip to a convenient place, doubleclick jscript_fix.zip.reg and allow the merge.
Reboot and let me know if it helped :bigthumb:
Let's try this other fix which is for jscript.
jscript_fix.zip
Unzip to a convenient place, doubleclick jscript_fix.zip.reg and allow the merge.
Reboot and let me know if it helped :bigthumb:
Okay, that fix didn't work. still unable to register jscript.dll. I'm thinking that my issue is still in the permissions on the registry. I allowed permissions for all jscript keys and subkeys, as well as the restricted java keys. I think I'm missing some more keys that I haven't allowed permissions to. Any idea what all associated keys go with jscript?
FINALLY! I have succeeded at getting both vbscript.dll and jscript.dll to register. Now, here is the list of problems... :funny:
WMP still opens to "An Internal Error Has Occurred".
Silentrunners still will not work, even after getting the message the Windows Script installed correctly. When you click "okay" on the error, it goes directly to http://msdn.microsoft.com/library/default.asp?url=/downloads/list/webdev.asp
This URL has an error saying <a href="An error occurred on the server when processing the URL. Please contact the system administrator.An error occurred on the server when processing the URL. Please contact the system administrator.
But, when I click the "downloads" link on the left side, it loads up the same URL as above, but I have the option to download the 5.6 scripts...
Kaspersky now works! I will have the virus log for you shortly...
WMP still opens to "An Internal Error Has Occurred".
Silentrunners still will not work, even after getting the message the Windows Script installed correctly. When you click "okay" on the error, it goes directly to http://msdn.microsoft.com/library/default.asp?url=/downloads/list/webdev.asp
This URL has an error saying <a href="An error occurred on the server when processing the URL. Please contact the system administrator.An error occurred on the server when processing the URL. Please contact the system administrator.
But, when I click the "downloads" link on the left side, it loads up the same URL as above, but I have the option to download the 5.6 scripts...
Kaspersky now works! I will have the virus log for you shortly...
Kaspersky Results:
I'm not able to get them onto the forum... As an attachment, it's 1.5Mb, and the character number is 700,000 approximate characters, and no way to reduce it to 20Kb or post in amounts of 20,000 characters... Not sure how to get it here. It picked up a MASS amount of cookies and registry settings... Yet only 6 viruses, 10 infected, and 2 suspicious...
Here's the HJT Log as well...
Logfile of HijackThis v1.99.1
Scan saved at 4:22:35 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\vphc700.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\Program Files\DIGStream\digstream.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\Program Files\ATI Multimedia\main\launchpd.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Denise\Desktop\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [phc700] D:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Desksite CMA] D:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [DIGStream] D:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - HKCU\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400 (Copy 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /M "Stylus CX5400" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126722691843
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3503.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2918.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
I'm not able to get them onto the forum... As an attachment, it's 1.5Mb, and the character number is 700,000 approximate characters, and no way to reduce it to 20Kb or post in amounts of 20,000 characters... Not sure how to get it here. It picked up a MASS amount of cookies and registry settings... Yet only 6 viruses, 10 infected, and 2 suspicious...
Here's the HJT Log as well...
Logfile of HijackThis v1.99.1
Scan saved at 4:22:35 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\vphc700.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\Program Files\DIGStream\digstream.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\Program Files\ATI Multimedia\main\launchpd.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Denise\Desktop\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [phc700] D:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Desksite CMA] D:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [DIGStream] D:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - HKCU\..\Run: [EPSON Stylus CX5400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /M "Stylus CX5400" /EF "HKCU"
O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5400 (Copy 1)] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /M "Stylus CX5400" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaversion/005/latest/twophase.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126722691843
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3503.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2918.cab
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
I did a rollback on WMP, then upgraded to WMP 11 and it works fine now. No ActiveX issues any longer, I guess it was the Media Player that was not allowing videos to run in IE.
Onto the error with Silentrunners. I checked to see if Cryptographic Services was running, and it was.
I tried to reinstall my 5.6 Scripts and they were successfully completed again. Still no Silentrunners.
Since it runs off of vbscript.dll, it should be fine. I did notice that when i do the run command of regsvr32 /u vbscript.dll that it does NOT work. Only registering it.
So, I tested it and found out these commands do not work:
regsvr32 /i jscript.dll
regsvr32 /i vbscript.dll
regsvr32 /u jscript.dll
regsvr32 /u vbscript.dll
If I'm assuming correctly they mean /install and /uninstall...?
The error message I receive is, "vbscript.dll was loaded, but the DllInstall entry point was not found. This file can not be registered."
Yet, when i run:
regsvr32 jscript.dll
regsvr32 vbscript.dll
They run successfully.
:spider:
Onto the error with Silentrunners. I checked to see if Cryptographic Services was running, and it was.
I tried to reinstall my 5.6 Scripts and they were successfully completed again. Still no Silentrunners.
Since it runs off of vbscript.dll, it should be fine. I did notice that when i do the run command of regsvr32 /u vbscript.dll that it does NOT work. Only registering it.
So, I tested it and found out these commands do not work:
regsvr32 /i jscript.dll
regsvr32 /i vbscript.dll
regsvr32 /u jscript.dll
regsvr32 /u vbscript.dll
If I'm assuming correctly they mean /install and /uninstall...?
The error message I receive is, "vbscript.dll was loaded, but the DllInstall entry point was not found. This file can not be registered."
Yet, when i run:
regsvr32 jscript.dll
regsvr32 vbscript.dll
They run successfully.
:spider: