 |  |  |  |  |  |  |  |
Help HELP! I can't access any folders like my documents and C: drive and Control Pa..
 |
Help HELP! I can't access any folders like my documents and C: drive and Control Pa..
0
#1 Aug 11th, 2007
Help HELP! I can't access any folders like my documents and C: drive and Control Panel or anything like that! i can access games and stuff but i can't get into any folders!!! i don't want to reinstall windows i have to many precious files and heck, i don't even know how to! Every time i try to get in to a file it says this:
Data Execution Prevention - Microsoft Windows
Name: Windows Explorer
Publisher: Microsoft Corporation
Close Message ( and when i click that the: Windows explorer has encountered a problem and needs to close, window! i clicked what the error contained it says:
C:\DOCUME~1\Kyrin\LOCALS~1\Temp\WER3a10.dir00\explorer.exe.mdmp
C:\DOCUME~1\Kyrin\LOCALS~1\Temp\WER3a10.dir00\appcompat.txt
(Kyrin is my account name)
When i try to find out how to turn off DEP it turns out you have to into the control panel! which i can't! i have Norton 360 and spy bot and ccleaner and vundofix and registry mechanic but nothing seems to be working. I have tried older threads and they don't work as to missing links and stuff. internet explorer probably doesn't work but i always use morzilla and due to older threads i have hijack this and this is what it says: oh no! i just tried it then but it didn't work says the DEP window again. DAM but i have an older one aswell:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:57:00 a.m., on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Documents and Settings\All Users\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kyrin\Desktop\HiJackThis_v2.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {074277C8-B5FA-461D-8E0E-A9344CB9A260} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5232C53B-A4B3-CE2F-FB09-029227E0B969} - C:\Program Files\Pouhhwfx\ulcqvvrx.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GLN - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - C:\WINDOWS\system32\gln.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O2 - BHO: (no name) - {CB6FCCE2-B517-4F66-BE31-36F8F7B4589D} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX510] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3K2.EXE /P24 "EPSON Stylus Photo RX510" /O5 "LPT1:" /M "Stylus Photo RX510"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\All Users\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [uxgpcpix] rundll32.exe "C:\Program Files\pstgdile\dqzwdote.dll",Init
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZN
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/Impor...v=13,0,0831,02
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kyrincat.spaces.live.com//Pho...d/MsnPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D0033ED-72BA-45E2-88E9-343FF67E7F2B}: NameServer = 202.27.158.40,202.27.156.72
O20 - Winlogon Notify: fffdcffe - C:\WINDOWS\system32\fffdcffe.dll
O20 - Winlogon Notify: gebcd - C:\WINDOWS\
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Documents and Settings\Kyrin\My Documents\3D Max\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
--
End of file - 13186 bytes
Data Execution Prevention - Microsoft Windows
Name: Windows Explorer
Publisher: Microsoft Corporation
Close Message ( and when i click that the: Windows explorer has encountered a problem and needs to close, window! i clicked what the error contained it says:
C:\DOCUME~1\Kyrin\LOCALS~1\Temp\WER3a10.dir00\explorer.exe.mdmp
C:\DOCUME~1\Kyrin\LOCALS~1\Temp\WER3a10.dir00\appcompat.txt
(Kyrin is my account name)
When i try to find out how to turn off DEP it turns out you have to into the control panel! which i can't! i have Norton 360 and spy bot and ccleaner and vundofix and registry mechanic but nothing seems to be working. I have tried older threads and they don't work as to missing links and stuff. internet explorer probably doesn't work but i always use morzilla and due to older threads i have hijack this and this is what it says: oh no! i just tried it then but it didn't work says the DEP window again. DAM but i have an older one aswell:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:57:00 a.m., on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Documents and Settings\All Users\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kyrin\Desktop\HiJackThis_v2.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {074277C8-B5FA-461D-8E0E-A9344CB9A260} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5232C53B-A4B3-CE2F-FB09-029227E0B969} - C:\Program Files\Pouhhwfx\ulcqvvrx.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GLN - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - C:\WINDOWS\system32\gln.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O2 - BHO: (no name) - {CB6FCCE2-B517-4F66-BE31-36F8F7B4589D} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX510] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3K2.EXE /P24 "EPSON Stylus Photo RX510" /O5 "LPT1:" /M "Stylus Photo RX510"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\All Users\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [uxgpcpix] rundll32.exe "C:\Program Files\pstgdile\dqzwdote.dll",Init
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZN
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/Impor...v=13,0,0831,02
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kyrincat.spaces.live.com//Pho...d/MsnPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D0033ED-72BA-45E2-88E9-343FF67E7F2B}: NameServer = 202.27.158.40,202.27.156.72
O20 - Winlogon Notify: fffdcffe - C:\WINDOWS\system32\fffdcffe.dll
O20 - Winlogon Notify: gebcd - C:\WINDOWS\
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Documents and Settings\Kyrin\My Documents\3D Max\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
--
End of file - 13186 bytes
•
•
Join Date: Feb 2004
Posts: 9,982
Reputation: 
Solved Threads: 754
Re: Help HELP! I can't access any folders like my documents and C: drive and Control Pa..
0
#2 Aug 11th, 2007
Hi and welcome to Daniweb forums 
.
http://www.daniweb.com/forums/thread83821.html
==
Download
SDFix
and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the
following :
==
Please download VundoFix.exe
to your desktop.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
.http://www.daniweb.com/forums/thread83821.html
==
Download
SDFix
and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the
following :
- Restart your computer
- After hearing your computer beep once during startup, but before the
Windows icon appears, tap the F8 key continually; - Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
- In Safe Mode, right click the SDFix.zip folder and choose Extract
All, - Open the extracted folder and double click RunThis.bat to
start the script. - Type Y to begin the script.
- It will remove the Trojan Services then make some repairs to the
registry and prompt you to press any key to Reboot. - Press any Key and it will restart the PC.
- Your system will take longer that normal to restart as the fixtool
will be running and removing files. - When the desktop loads the Fixtool will complete the removal and
display Finished, then press any key to end the script and load
your desktop icons. - Finally open the SDFix folder on your desktop and copy and paste the
contents of the results file Report.txt.
==
Please download VundoFix.exe
to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HijackThis log.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Re: Help HELP! I can't access any folders like my documents and C: drive and Control Pa..
0
#3 Aug 11th, 2007
Sounds like your system may be hosed. I have seen plenty of Windows going south ever since Windows 3.0. Sure XP is newer but when it system DLLs are corrupted through whatever means (malware or a errant program) then you are often left with a problem that can manifest itself as your new hobby. So what I am saying is it might be a good time to focus on Plan B and think about Prevention in the future.
I am guessing if you had a backup of the data then this would not be a problem (hint). Without the data you are going to probably need to perform a data rescue attempt, i.e. boot from Linux floppy or some other Windows Emergency disk. The Linux plan is mount the C: drive and see if you can read the folders. If so you are in luck, at least you can copy the files but it will be a tedious process. If you don't have Linux handy you can download Ubuntu or some other free version and take it from there. Or hit up one of your friends that has been bragging to you about how great Linux is.
Windows Emergency disk meanwhile is actually halfway good at fixing the common problems through a brute force approach. There is one very important caveat - if you had bothered to create one of course. At the end of the day if you lose the files it is a painful lesson to learn. As a third option, when you are really desperate you can try to run Windows Setup again and pick Repair. This will baseline all of the system DLLs and you should be able to see the folders. However it will only work if the disk structure is not compromised due to the problem. Also, plan on reinstalling your apps. You could also potentially install a separate copy of Windows XP under a different directory - but that is a long shot.
Personally I consider C: to be a volatile drive. Especially if you have Visual Studio installed, and even more if you enjoy C++. I keep my data on a separate partition, e.g. D:. I recently started keeping my MP3s on a 500GB firewire drive I picked up from buy.com for about $150 and access time is more than adequate. You might consider that as a good investment and strategy. So when the inevitable C: drive corruption occurs, at least your data will be intact. Of course you will have to reinstall the OS & apps again.
Finally depending on you expertise, if you have Symantec Ghost you can take the route of reinstalling your system from scratch, getting it back to a perfect baseline the way you want, then take a Ghost image. That way should you will have the ability to apply the image and be back to square one by installing the Ghost image. That usually takes a whole lot less time.
Good luck in you solution to this problem!
I am guessing if you had a backup of the data then this would not be a problem (hint). Without the data you are going to probably need to perform a data rescue attempt, i.e. boot from Linux floppy or some other Windows Emergency disk. The Linux plan is mount the C: drive and see if you can read the folders. If so you are in luck, at least you can copy the files but it will be a tedious process. If you don't have Linux handy you can download Ubuntu or some other free version and take it from there. Or hit up one of your friends that has been bragging to you about how great Linux is.
Windows Emergency disk meanwhile is actually halfway good at fixing the common problems through a brute force approach. There is one very important caveat - if you had bothered to create one of course. At the end of the day if you lose the files it is a painful lesson to learn. As a third option, when you are really desperate you can try to run Windows Setup again and pick Repair. This will baseline all of the system DLLs and you should be able to see the folders. However it will only work if the disk structure is not compromised due to the problem. Also, plan on reinstalling your apps. You could also potentially install a separate copy of Windows XP under a different directory - but that is a long shot.
Personally I consider C: to be a volatile drive. Especially if you have Visual Studio installed, and even more if you enjoy C++. I keep my data on a separate partition, e.g. D:. I recently started keeping my MP3s on a 500GB firewire drive I picked up from buy.com for about $150 and access time is more than adequate. You might consider that as a good investment and strategy. So when the inevitable C: drive corruption occurs, at least your data will be intact. Of course you will have to reinstall the OS & apps again.
Finally depending on you expertise, if you have Symantec Ghost you can take the route of reinstalling your system from scratch, getting it back to a perfect baseline the way you want, then take a Ghost image. That way should you will have the ability to apply the image and be back to square one by installing the Ghost image. That usually takes a whole lot less time.
Good luck in you solution to this problem!
Re: Help HELP! I can't access any folders like my documents and C: drive and Control Pa..
0
#4 Aug 11th, 2007
Mcldev, it not really my computer, but the owner turned off backup on Norton 360 and yeah...
Crunchie i was able to get into a file for once and i did the sdfix thing here it is SDFix: Version 1.97
Run by Kyrin on Sun 12/08/2007 at 02:21 p.m.
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Kyrin\Desktop\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Bifrost\---.exe - Deleted
Folder C:\Program Files\Bifrost - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe
:enabled
xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\rk.exe"="C:\\WINDOWS\\system32\\rk.exe:Enabled:rk.exe"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:Enabled:Google Talk"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:Enabled:iTunes"
"C:\\Documents and Settings\\Kyrin\\Local Settings\\Temp\\Temporary Internet Files\\Content.IE5\\1OO92DWY\\incredimail_install[1].exe"="C:\\Documents and Settings\\Kyrin\\Local Settings\\Temp\\Temporary Internet Files\\Content.IE5\\1OO92DWY\\incredimail_install[1].exe:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\incredimail_install.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\incredimail_install.exe:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:Enabled:IncrediMail"
"C:\\Program Files\\Project Snowblind\\Snowblind.MP"="C:\\Program Files\\Project Snowblind\\Snowblind.MP:Enabled
roject: Snowblind (PC)"
"C:\\Documents and Settings\\Kyrin\\My Documents\\bittorrent.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\bittorrent.exe:Enabled:BitTorrent"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:Enabled:BitTorrent"
"C:\\Documents and Settings\\All Users\\Documents\\Empires Dawn of the Modern World\\empires_dmw.exe"="C:\\Documents and Settings\\All Users\\Documents\\Empires Dawn of the Modern World\\empires_dmw.exe:Enabled:empires_dmw"
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat:Enabled:The Battle for Middle-earth(tm) II"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\TEMP\\win523.tmp.exe"="C:\\WINDOWS\\TEMP\\win523.tmp.exe:Enabled:win523.tmp"
"C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent(2).exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent(2).exe:Enabled:æTorrent"
"C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent(3).exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent(3).exe:Enabled:æTorrent"
"C:\\Documents and Settings\\Kyrin\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\LimeWire\\LimeWire.exe:Enabled:LimeWire"
"C:\\Documents and Settings\\Kyrin\\My Documents\\3D Max\\3dsmax.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\3D Max\\3dsmax.exe:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\TurbineInvoker.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\TurbineInvoker.exe:Enabled:TurbineInvoker"
"C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\lotroclient.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\lotroclient.exe:Enabled:lotroclient"
"C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\TurbineLauncher.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\TurbineLauncher.exe:Enabled:TurbineLauncher"
"C:\\Program Files\\Nodtronics\\Arcon\\Program\\arcon.exe"="C:\\Program Files\\Nodtronics\\Arcon\\Program\\arcon.exe:Enabled:3D Dream Home Designer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:Enabledxpsp3res.dll,-20000"
"C:\\Documents and Settings\\Kyrin\\My Documents\\Bf2142\\BF2142.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\Bf2142\\BF2142.exe:Enabled:Battlefield 2"
"C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent.exe:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\jxahnmsh.exe"="C:\\WINDOWS\\system32\\jxa"
"C:\\WINDOWS\\system32\\caemnrir.exe"="C:\\WINDOWS\\system32\\cae"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:Enabledxpsp3res.dll,-20000"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Kyrin\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\Kyrin\Favorites\Aninote.com\Desktop.ini
C:\Documents and Settings\Kyrin\Local Settings\Application Data\Microsoft\Messenger\im_a_trex_in_an_f14@hotmail.com\Sharing Folders\simmy1023@hotmail.com\Thumbs.db
C:\America Online 6.0\aolphx.exe
C:\America Online 6.0\aoltray.exe
C:\America Online 6.0\packethsvc.exe
C:\America Online 6.0\RBM.exe
C:\America Online 6.0\waol.exe
C:\America Online 6.0\COMIT\cswitch.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Cory\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp
C:\Documents and Settings\Cory\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp
C:\Documents and Settings\Cory\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp
C:\Documents and Settings\Cory\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp
C:\Documents and Settings\Kyrin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp
C:\Documents and Settings\Kyrin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp
C:\Documents and Settings\Kyrin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp
C:\Documents and Settings\Kyrin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp
C:\Documents and Settings\Sara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp
C:\Documents and Settings\Sara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp
C:\Documents and Settings\Sara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp
C:\Documents and Settings\Sara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp
C:\WINDOWS\system32\dcbeg.tmp
C:\WINDOWS\system32\gfhkj.tmp
C:\WINDOWS\system32\gjllm.tmp
C:\WINDOWS\system32\kbidwomp.tmp
C:\WINDOWS\system32\mnnmp.tmp
C:\WINDOWS\system32\oqtwa.tmp
C:\WINDOWS\system32\rvvdlbds.tmp
C:\WINDOWS\system32\ycbeg.tmp
Finished
Crunchie i was able to get into a file for once and i did the sdfix thing here it is SDFix: Version 1.97
Run by Kyrin on Sun 12/08/2007 at 02:21 p.m.
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Kyrin\Desktop\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Bifrost\---.exe - Deleted
Folder C:\Program Files\Bifrost - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe
:enabledxpsp2res.dll,-22019""C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe
:Enabled:Windows Messenger""C:\\WINDOWS\\system32\\rk.exe"="C:\\WINDOWS\\system32\\rk.exe
:Enabled:rk.exe""C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe
:Enabled:Windows Live Messenger 8.0 (Phone)""C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe
:Enabled:Google Talk""C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe
:Enabled:iTunes""C:\\Documents and Settings\\Kyrin\\Local Settings\\Temp\\Temporary Internet Files\\Content.IE5\\1OO92DWY\\incredimail_install[1].exe"="C:\\Documents and Settings\\Kyrin\\Local Settings\\Temp\\Temporary Internet Files\\Content.IE5\\1OO92DWY\\incredimail_install[1].exe
:Enabled:IncrediMail Installer""C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\incredimail_install.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\incredimail_install.exe
:Enabled:IncrediMail Installer""C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe
:Enabled:IncrediMail""C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe
:Enabled:IncrediMail""C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe
:Enabled:IncrediMail""C:\\Program Files\\Project Snowblind\\Snowblind.MP"="C:\\Program Files\\Project Snowblind\\Snowblind.MP
:Enabledroject: Snowblind (PC)""C:\\Documents and Settings\\Kyrin\\My Documents\\bittorrent.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\bittorrent.exe
:Enabled:BitTorrent""C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe
:Enabled:BitTorrent""C:\\Documents and Settings\\All Users\\Documents\\Empires Dawn of the Modern World\\empires_dmw.exe"="C:\\Documents and Settings\\All Users\\Documents\\Empires Dawn of the Modern World\\empires_dmw.exe
:Enabled:empires_dmw""C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat
:Enabled:The Battle for Middle-earth(tm) II""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe
:Enabled:Windows Live Messenger 8.1""C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe
:Enabled:Windows Live Messenger 8.1 (Phone)""C:\\WINDOWS\\TEMP\\win523.tmp.exe"="C:\\WINDOWS\\TEMP\\win523.tmp.exe
:Enabled:win523.tmp""C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent(2).exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent(2).exe
:Enabled:æTorrent""C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent(3).exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent(3).exe
:Enabled:æTorrent""C:\\Documents and Settings\\Kyrin\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\LimeWire\\LimeWire.exe
:Enabled:LimeWire""C:\\Documents and Settings\\Kyrin\\My Documents\\3D Max\\3dsmax.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\3D Max\\3dsmax.exe
:Enabled:Autodesk 3ds Max 9 32-bit""C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\TurbineInvoker.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\TurbineInvoker.exe
:Enabled:TurbineInvoker""C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\lotroclient.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\lotroclient.exe
:Enabled:lotroclient""C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\TurbineLauncher.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\The Lord of the Rings Online\\TurbineLauncher.exe
:Enabled:TurbineLauncher""C:\\Program Files\\Nodtronics\\Arcon\\Program\\arcon.exe"="C:\\Program Files\\Nodtronics\\Arcon\\Program\\arcon.exe
:Enabled:3D Dream Home Designer""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe
:Enabledxpsp3res.dll,-20000""C:\\Documents and Settings\\Kyrin\\My Documents\\Bf2142\\BF2142.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\Bf2142\\BF2142.exe
:Enabled:Battlefield 2""C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent.exe"="C:\\Documents and Settings\\Kyrin\\My Documents\\Kyrins Stuff\\WinRAR Files\\utorrent.exe
:Enabled:æTorrent""C:\\WINDOWS\\system32\\jxahnmsh.exe"="C:\\WINDOWS\\system32\\jxa"
"C:\\WINDOWS\\system32\\caemnrir.exe"="C:\\WINDOWS\\system32\\cae"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe
:enabledxpsp2res.dll,-22019""C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe
:Enabled:Windows Live Messenger 8.0 (Phone)""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe
:Enabled:Windows Live Messenger 8.1""C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe
:Enabled:Windows Live Messenger 8.1 (Phone)""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe
:Enabledxpsp3res.dll,-20000"Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Kyrin\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\Kyrin\Favorites\Aninote.com\Desktop.ini
C:\Documents and Settings\Kyrin\Local Settings\Application Data\Microsoft\Messenger\im_a_trex_in_an_f14@hotmail.com\Sharing Folders\simmy1023@hotmail.com\Thumbs.db
C:\America Online 6.0\aolphx.exe
C:\America Online 6.0\aoltray.exe
C:\America Online 6.0\packethsvc.exe
C:\America Online 6.0\RBM.exe
C:\America Online 6.0\waol.exe
C:\America Online 6.0\COMIT\cswitch.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Cory\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp
C:\Documents and Settings\Cory\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp
C:\Documents and Settings\Cory\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp
C:\Documents and Settings\Cory\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp
C:\Documents and Settings\Kyrin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp
C:\Documents and Settings\Kyrin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp
C:\Documents and Settings\Kyrin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp
C:\Documents and Settings\Kyrin\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp
C:\Documents and Settings\Sara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp
C:\Documents and Settings\Sara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp
C:\Documents and Settings\Sara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp
C:\Documents and Settings\Sara\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp
C:\WINDOWS\system32\dcbeg.tmp
C:\WINDOWS\system32\gfhkj.tmp
C:\WINDOWS\system32\gjllm.tmp
C:\WINDOWS\system32\kbidwomp.tmp
C:\WINDOWS\system32\mnnmp.tmp
C:\WINDOWS\system32\oqtwa.tmp
C:\WINDOWS\system32\rvvdlbds.tmp
C:\WINDOWS\system32\ycbeg.tmp
Finished
Re: Help HELP! I can't access any folders like my documents and C: drive and Control Pa..
0
#5 Aug 11th, 2007
ok i ran vundofix but nothing was found and i still can't get into my files
Re: Help HELP! I can't access any folders like my documents and C: drive and Control Pa..
0
#6 Aug 11th, 2007
if i could just get into the control panel and turn DEP off..
•
•
Join Date: Feb 2004
Posts: 9,982
Reputation:
Solved Threads: 754
Re: Help HELP! I can't access any folders like my documents and C: drive and Control Pa..
0
#7 Aug 12th, 2007
•
•
•
•
Originally Posted by crunchie 
Please post the contents of C:\vundofix.txt and a new HijackThis log.
. Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Re: Help HELP! I can't access any folders like my documents and C: drive and Control Pa..
0
#8 Aug 12th, 2007
yea! i forgot! the hijackthislog:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:06:59 p.m., on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Documents and Settings\All Users\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kyrin\Desktop\HiJackThis_v2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {074277C8-B5FA-461D-8E0E-A9344CB9A260} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5232C53B-A4B3-CE2F-FB09-029227E0B969} - C:\Program Files\Pouhhwfx\ulcqvvrx.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GLN - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - C:\WINDOWS\system32\gln.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O2 - BHO: (no name) - {CB6FCCE2-B517-4F66-BE31-36F8F7B4589D} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX510] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3K2.EXE /P24 "EPSON Stylus Photo RX510" /O5 "LPT1:" /M "Stylus Photo RX510"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\All Users\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [uxgpcpix] rundll32.exe "C:\Program Files\pstgdile\dqzwdote.dll",Init
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZN
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/Impor...v=13,0,0831,02
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kyrincat.spaces.live.com//Pho...d/MsnPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D0033ED-72BA-45E2-88E9-343FF67E7F2B}: NameServer = 202.27.158.40,202.27.156.72
O20 - Winlogon Notify: fffdcffe - C:\WINDOWS\system32\fffdcffe.dll
O20 - Winlogon Notify: gebcd - C:\WINDOWS\
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Documents and Settings\Kyrin\My Documents\3D Max\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
--
End of file - 12808 bytes
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:06:59 p.m., on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Documents and Settings\All Users\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kyrin\Desktop\HiJackThis_v2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {074277C8-B5FA-461D-8E0E-A9344CB9A260} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5232C53B-A4B3-CE2F-FB09-029227E0B969} - C:\Program Files\Pouhhwfx\ulcqvvrx.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: GLN - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - C:\WINDOWS\system32\gln.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O2 - BHO: (no name) - {CB6FCCE2-B517-4F66-BE31-36F8F7B4589D} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX510] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3K2.EXE /P24 "EPSON Stylus Photo RX510" /O5 "LPT1:" /M "Stylus Photo RX510"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\All Users\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [uxgpcpix] rundll32.exe "C:\Program Files\pstgdile\dqzwdote.dll",Init
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZN
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/Impor...v=13,0,0831,02
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kyrincat.spaces.live.com//Pho...d/MsnPUpld.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D0033ED-72BA-45E2-88E9-343FF67E7F2B}: NameServer = 202.27.158.40,202.27.156.72
O20 - Winlogon Notify: fffdcffe - C:\WINDOWS\system32\fffdcffe.dll
O20 - Winlogon Notify: gebcd - C:\WINDOWS\
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Documents and Settings\Kyrin\My Documents\3D Max\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
--
End of file - 12808 bytes
Re: Help HELP! I can't access any folders like my documents and C: drive and Control Pa..
0
#9 Aug 12th, 2007
ok i had to use that run program in the start section to get this:
VundoFix V6.5.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 5:54:28 p.m. 11/08/2007
Listing files found while scanning....
C:\windows\system32\auleqvyc.dll
C:\windows\system32\biomvnur.ini
C:\windows\system32\bioqxisa.dll
C:\windows\system32\bthyelhm.dll
C:\windows\system32\crlbuslx.dll
C:\windows\system32\dhlcruix.dll
C:\windows\system32\eoqcqmmf.ini
C:\windows\system32\eusrgtsu.ini
C:\windows\system32\fmmqcqoe.dll
C:\windows\system32\glroajgh.dll
C:\windows\system32\kuddxdmf.dll
C:\windows\system32\ogdglkmk.dll
C:\windows\system32\oyqmmxbh.dll
C:\WINDOWS\system32\pmnnm.dll
C:\windows\system32\runvmoib.dll
C:\windows\system32\swdlvmwt.dll
C:\windows\system32\trvswbkw.dll
C:\windows\system32\twmvldws.ini
C:\WINDOWS\system32\ustgrsue.dll
C:\WINDOWS\system32\vrxedxto.dll
C:\windows\system32\wkbwsvrt.ini
C:\WINDOWS\system32\xhuvoblj.dll
C:\windows\system32\xiurclhd.ini
C:\windows\system32\xlsublrc.ini
Beginning removal...
Attempting to delete C:\windows\system32\auleqvyc.dll
C:\windows\system32\auleqvyc.dll Has been deleted!
Attempting to delete C:\windows\system32\biomvnur.ini
C:\windows\system32\biomvnur.ini Has been deleted!
Attempting to delete C:\windows\system32\bioqxisa.dll
C:\windows\system32\bioqxisa.dll Has been deleted!
Attempting to delete C:\windows\system32\bthyelhm.dll
C:\windows\system32\bthyelhm.dll Has been deleted!
Attempting to delete C:\windows\system32\crlbuslx.dll
C:\windows\system32\crlbuslx.dll Has been deleted!
Attempting to delete C:\windows\system32\dhlcruix.dll
C:\windows\system32\dhlcruix.dll Has been deleted!
Attempting to delete C:\windows\system32\eoqcqmmf.ini
C:\windows\system32\eoqcqmmf.ini Has been deleted!
Attempting to delete C:\windows\system32\eusrgtsu.ini
C:\windows\system32\eusrgtsu.ini Has been deleted!
Attempting to delete C:\windows\system32\fmmqcqoe.dll
C:\windows\system32\fmmqcqoe.dll Has been deleted!
Attempting to delete C:\windows\system32\glroajgh.dll
C:\windows\system32\glroajgh.dll Has been deleted!
Attempting to delete C:\windows\system32\kuddxdmf.dll
C:\windows\system32\kuddxdmf.dll Has been deleted!
Attempting to delete C:\windows\system32\ogdglkmk.dll
C:\windows\system32\ogdglkmk.dll Has been deleted!
Attempting to delete C:\windows\system32\oyqmmxbh.dll
C:\windows\system32\oyqmmxbh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll Has been deleted!
Attempting to delete C:\windows\system32\runvmoib.dll
C:\windows\system32\runvmoib.dll Has been deleted!
Attempting to delete C:\windows\system32\swdlvmwt.dll
C:\windows\system32\swdlvmwt.dll Has been deleted!
Attempting to delete C:\windows\system32\trvswbkw.dll
C:\windows\system32\trvswbkw.dll Has been deleted!
Attempting to delete C:\windows\system32\twmvldws.ini
C:\windows\system32\twmvldws.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ustgrsue.dll
C:\WINDOWS\system32\ustgrsue.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vrxedxto.dll
C:\WINDOWS\system32\vrxedxto.dll Has been deleted!
Attempting to delete C:\windows\system32\wkbwsvrt.ini
C:\windows\system32\wkbwsvrt.ini Has been deleted!
Attempting to delete C:\windows\system32\xiurclhd.ini
C:\windows\system32\xiurclhd.ini Has been deleted!
Attempting to delete C:\windows\system32\xlsublrc.ini
C:\windows\system32\xlsublrc.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 6:25:29 p.m. 11/08/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 6:37:22 p.m. 11/08/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 10:35:34 a.m. 12/08/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 2:55:14 p.m. 12/08/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 5:54:28 p.m. 11/08/2007
Listing files found while scanning....
C:\windows\system32\auleqvyc.dll
C:\windows\system32\biomvnur.ini
C:\windows\system32\bioqxisa.dll
C:\windows\system32\bthyelhm.dll
C:\windows\system32\crlbuslx.dll
C:\windows\system32\dhlcruix.dll
C:\windows\system32\eoqcqmmf.ini
C:\windows\system32\eusrgtsu.ini
C:\windows\system32\fmmqcqoe.dll
C:\windows\system32\glroajgh.dll
C:\windows\system32\kuddxdmf.dll
C:\windows\system32\ogdglkmk.dll
C:\windows\system32\oyqmmxbh.dll
C:\WINDOWS\system32\pmnnm.dll
C:\windows\system32\runvmoib.dll
C:\windows\system32\swdlvmwt.dll
C:\windows\system32\trvswbkw.dll
C:\windows\system32\twmvldws.ini
C:\WINDOWS\system32\ustgrsue.dll
C:\WINDOWS\system32\vrxedxto.dll
C:\windows\system32\wkbwsvrt.ini
C:\WINDOWS\system32\xhuvoblj.dll
C:\windows\system32\xiurclhd.ini
C:\windows\system32\xlsublrc.ini
Beginning removal...
Attempting to delete C:\windows\system32\auleqvyc.dll
C:\windows\system32\auleqvyc.dll Has been deleted!
Attempting to delete C:\windows\system32\biomvnur.ini
C:\windows\system32\biomvnur.ini Has been deleted!
Attempting to delete C:\windows\system32\bioqxisa.dll
C:\windows\system32\bioqxisa.dll Has been deleted!
Attempting to delete C:\windows\system32\bthyelhm.dll
C:\windows\system32\bthyelhm.dll Has been deleted!
Attempting to delete C:\windows\system32\crlbuslx.dll
C:\windows\system32\crlbuslx.dll Has been deleted!
Attempting to delete C:\windows\system32\dhlcruix.dll
C:\windows\system32\dhlcruix.dll Has been deleted!
Attempting to delete C:\windows\system32\eoqcqmmf.ini
C:\windows\system32\eoqcqmmf.ini Has been deleted!
Attempting to delete C:\windows\system32\eusrgtsu.ini
C:\windows\system32\eusrgtsu.ini Has been deleted!
Attempting to delete C:\windows\system32\fmmqcqoe.dll
C:\windows\system32\fmmqcqoe.dll Has been deleted!
Attempting to delete C:\windows\system32\glroajgh.dll
C:\windows\system32\glroajgh.dll Has been deleted!
Attempting to delete C:\windows\system32\kuddxdmf.dll
C:\windows\system32\kuddxdmf.dll Has been deleted!
Attempting to delete C:\windows\system32\ogdglkmk.dll
C:\windows\system32\ogdglkmk.dll Has been deleted!
Attempting to delete C:\windows\system32\oyqmmxbh.dll
C:\windows\system32\oyqmmxbh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll Has been deleted!
Attempting to delete C:\windows\system32\runvmoib.dll
C:\windows\system32\runvmoib.dll Has been deleted!
Attempting to delete C:\windows\system32\swdlvmwt.dll
C:\windows\system32\swdlvmwt.dll Has been deleted!
Attempting to delete C:\windows\system32\trvswbkw.dll
C:\windows\system32\trvswbkw.dll Has been deleted!
Attempting to delete C:\windows\system32\twmvldws.ini
C:\windows\system32\twmvldws.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ustgrsue.dll
C:\WINDOWS\system32\ustgrsue.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vrxedxto.dll
C:\WINDOWS\system32\vrxedxto.dll Has been deleted!
Attempting to delete C:\windows\system32\wkbwsvrt.ini
C:\windows\system32\wkbwsvrt.ini Has been deleted!
Attempting to delete C:\windows\system32\xiurclhd.ini
C:\windows\system32\xiurclhd.ini Has been deleted!
Attempting to delete C:\windows\system32\xlsublrc.ini
C:\windows\system32\xlsublrc.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 6:25:29 p.m. 11/08/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 6:37:22 p.m. 11/08/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 10:35:34 a.m. 12/08/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.7
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 2:55:14 p.m. 12/08/2007
Listing files found while scanning....
No infected files were found.
Re: Help HELP! I can't access any folders like my documents and C: drive and Control Pa..
0
#10 Aug 12th, 2007
oh if this is of any help to anyone trying to help me this is in the DEP file included in error report:
C:\DOCUME~1\Kyrin\LOCALS~1\Temp\WER0919.dir00\explorer.exe.mdmp
C:\DOCUME~1\Kyrin\LOCALS~1\Temp\WER0919.dir00\appcompat.txt
C:\DOCUME~1\Kyrin\LOCALS~1\Temp\WER0919.dir00\explorer.exe.mdmp
C:\DOCUME~1\Kyrin\LOCALS~1\Temp\WER0919.dir00\appcompat.txt
|
Similar Threads
- Unable to access my computer, my documents, and control from start bar and run!! (Windows NT / 2000 / XP)
- Unable to access old user account "Documents and Settings" folder in XP...Please Help (Windows NT / 2000 / XP)
- 2nd SATA HDD - won't let me access "My Documents" (Storage)
- Windows XP Access Denied to slave drive files (Windows NT / 2000 / XP)
- Unable to access My Computer/My Documents/Iexplore etc. (Viruses, Spyware and other Nasties)
- need to access files that are password locked on old hard drive (Windows NT / 2000 / XP)
- Ristricting Access to the Folders (Windows tips 'n' tweaks)
- Where did my desktop go?? (Windows NT / 2000 / XP)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: New Hijackthislog Please!
- Next Thread: Yes. Yet another connection problem.
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet censorship china commercials conficker connect control crosssitescripting cyber cyberwarfare ddos domains e-mafia education email europe facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday
