Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app, please include any supporting documentation or logs.
#1
Please help, I can't figure out what is wrong
I was told to post my HijackThis log here for help, but it is huge, over 148,000 characters. Did I do something wrong? Here is the first part of it.
#2
Howdy coyotesnow,
Welcome to CTH. That is an application setup log, mostly used for debugging. I sorta wonder how you got from the instructions posted here (just download, click to run and post back the resulting log) to this debug log. I see from your post here you say things started going wrong after : Quote:
For now let's just try a different log type to see if you can get some more meaningful results posted here. Go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here. Also provide more details on that "time change" process you did.
#3
Here is what I got from the Startup Programs file after it said it was done running. I went to the Microsoft downloads website to download the patch so my computer would change at the correct date and would not be behind for three weeks. It may not be the problem; I just started having problems about the same time. Anything that is video in my e-mail I cannot open; my WarCraft game and a number of other programs give me errors and will not open.
Here is an example of one of the many errors I am getting, on top of everything running very slow: DLL C:\PROGRA~\COMMON~1\SMARTT~1\IETAG.dll is not a valid windows image. Please check against your installation diskette.

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AdaptecDirectCD" = ""C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"HPHUPD05" = "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HPHmon05" = "C:\WINDOWS\System32\hphmon05.exe" ["Hewlett-Packard"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Smart Start UP" = "C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation " [empty string]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! IE Services Button"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
  -> {HKLM...CLSID} = "Adaptec DirectCD Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Adaptec\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
  -> {HKLM...CLSID} = "YMailShellExt Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
  -> {HKLM...CLSID} = "YMailShellExt Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Eric" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"HP Usg Daily" -> launches: "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe" [empty string]
"RegCure Program Check" -> launches: "C:\Program Files\RegCure\RegCure.exe ShowReminders" [null data]
"RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDetect.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "&Yahoo! Messenger"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
"ButtonText" = "Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
  -> {HKLM...CLSID} = "Yahoo! IE Services Button"
                   \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
"ButtonText" = "PartyPoker.com"
"MenuText" = "PartyPoker.com"
"Exec" = "C:\Program Files\PartyGaming\PartyPoker\RunApp.exe" [empty string]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\HPZipm12.exe" ["HP"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt09\Driver = "hpzlnt09.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 122 seconds.
---------- (total run time: 214 seconds)
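A report in this format is easier to read once its entries are grouped by the tag Silent Runners appends to each path. The script below is an added example, not code from this thread or from Silent Runners: it parses the single-line launch-point entries in the format quoted above, keeps the script's own <<!>> marker, and sorts entries into stale, unverified and flagged buckets; the function and class names are assumptions, and the sample report inside it is constructed from entries seen in the post.

```python
r"""Triage helper for a Silent Runners (silentrunners.org) startup report.
Added example; not part of the thread above and not Silent Runners' own code.
Parses the report's single-line launch-point entries ("name" = "cmd" [tag],
"task" -> launches: "cmd" [tag], \InProcServer32\(Default) DLL lines), keeps
the script's own <<!>> marker, and groups entries by the trailing tag."""
import re
from dataclasses import dataclass
# Launch-point key: a registry path ending in '\', optionally followed by {++}
KEY_RE = re.compile(r"^(HK(?:LM|CU|U)\\.*\\)(?:\s*\{\+\+\})?$")
# Entry: name, then '=' / '-> launches:' / '-> shortcut to:', the command, and the
# tag the script appends ([MS], ["Vendor"], [null data], [empty string], [file not found])
ENTRY_RE = re.compile(
    r'^(?P<name>"[^"]+"|[^\s="]+)\s*(?:=|->\s*(?:launches|shortcut to):)\s*'
    r"(?P<cmd>.*?)\s*(?:\[(?P<tag>[^\]]*)\])?$"
)
FLAG = "<<!>>"  # the script's "suspicious data at a malware launch point" marker

@dataclass
class Entry:
    key: str           # registry key or report section the entry sits under
    name: str
    command: str
    tag: "str | None"  # None on a bare <<!>> CLSID line (the DLL follows on the next line)
    flagged: bool      # line carried the <<!>> marker

def clean_command(raw: str) -> str:
    # Drop the report's nested quoting: ""C:\a.exe" /x"  ->  C:\a.exe /x
    return raw.replace('"', "").strip()

def parse_report(text: str) -> list:
    entries, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        flagged = line.startswith(FLAG)
        if flagged:
            line = line[len(FLAG):].strip()
        m = KEY_RE.match(line)
        if m:                                       # entries below belong to this key
            key = m.group(1)
            continue
        if line.endswith(":") and "=" not in line:  # section header, e.g. scheduled tasks
            key = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        # Only a tagged path or a <<!>> line is an entry: skips wallpaper/policy values
        # and the "-> {HKLM...CLSID}" link lines.
        if m and (m.group("tag") is not None or flagged):
            entries.append(Entry(key, m.group("name").strip('"'),
                                 clean_command(m.group("cmd")), m.group("tag"), flagged))
    return entries

def triage(text: str) -> dict:
    """[file not found] is a stale registration (clean-up, not a threat);
    [null data]/[empty string] means no version resource, common for legitimate
    software (avast here), so verify rather than assume; <<!>> is where Silent
    Runners itself wants a closer look."""
    entries = parse_report(text)
    return {
        "flagged": [e for e in entries if e.flagged],
        "missing": [e for e in entries if e.tag == "file not found"],
        "unverified": [e for e in entries if e.tag in ("null data", "empty string")],
        "attributed": [e for e in entries if e.tag == "MS" or (e.tag or "").startswith('"')],
    }

# Constructed sample in the report's format, built from entries seen above.
SAMPLE_REPORT = r'''
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"Smart Start UP" = "C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation " [empty string]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
Enabled Scheduled Tasks:
"RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDetect.exe" [file not found]
'''
```

In the post above the only <<!>> line is the text/xml protocol filter, whose DLL on the following line is Office's MSOXMLMF.DLL, which matches the helper's conclusion that nothing here points to an infection.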
#4
No infection, and it is sounding less and less likely to be infection related. Something has changed the way certain files are being opened on your system. That SmartStart software error you just posted is a good starting place. I am not familiar with the program, so truly would not have ideas for it. You will need to ask further in your original request thread to see if some folks there can assist.