
Well, I have a Toshiba laptop, Windows XP SP1. I start my computer, and then I am on the log-in screen. I click my user name, put in my password, and press enter. Here is where the problem starts. My name goes to the middle, and then it takes a minute to load to the desktop. After that it goes to the desktop, but it only displays the picture of my desktop background for another minute. After that the icons load, but the icons on the bottom right (I think this is called the quick launch taskbar) take another minute to load. Finally it finishes loading. It takes more than 3 minutes to load it all the way. The usual speed is supposed to be 45 seconds to a minute (except for a new computer or fully restored computer, which is supposed to take 10 seconds or less to load), but mine is very slow. I really don't have a clue about what caused this problem. I have not installed anything in the past days. This is crazy. I really need help. Please reply soon. By the way, my IE is still hijacked by res://, and keeps changing to another res:// address constantly. Please reply soon.

0

Well, since you've indicated that you know you've got malware on your system, let's get that cleared up first: those nasties can cause such slowdowns.

I'm moving this to our Security forum now. Could you please download and run HijackThis and post your log for us to review? Read some of the threads in Security to find out how to properly configure and run HJT.

0

OK, below is a fresh log. Yeah, I want that problem removed first, it is crazy. I am going crazy as well. By the way, the homepage (res://) keeps changing to a different one. One more thing, I have another problem. I have to type in www before the website name and before .com. Usually I just type in the website name.com (EX: yahoo.com <<<< no www.). Please help me fix the problems. One last thing also. My problem got worse. Now it loads to my desktop, shows the background picture, and now takes 6 MINUTES TO LOAD!!!!! This is crazy.

Logfile of HijackThis v1.98.0
Scan saved at 8:10:32 PM, on 7/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\ntnr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\MoreResults\MoreResults.exe
C:\WINDOWS\System32\oiqpkqp.exe
C:\WINDOWS\system32\apiny32.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Bilal\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\danfd.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://danfd.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://danfd.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\danfd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\danfd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://danfd.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.com/
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {B856C014-733A-E7C2-BA3A-B880A9541D36} - C:\WINDOWS\ntwk.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [MoreResults] C:\Program Files\MoreResults\MoreResults.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [xbnjtberp] C:\WINDOWS\System32\oiqpkqp.exe
O4 - HKLM\..\Run: [apiny32.exe] C:\WINDOWS\system32\apiny32.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\Bilal\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\RunOnce: [sdkwb32.exe] C:\WINDOWS\sdkwb32.exe
O4 - HKLM\..\RunOnce: [d3de32.exe] C:\WINDOWS\system32\d3de32.exe
O4 - HKLM\..\RunOnce: [applu32.exe] C:\WINDOWS\applu32.exe
O4 - HKLM\..\RunOnce: [javavo.exe] C:\WINDOWS\javavo.exe
O4 - HKLM\..\RunOnce: [sdkyy32.exe] C:\WINDOWS\system32\sdkyy32.exe
O4 - HKLM\..\RunOnce: [appfa.exe] C:\WINDOWS\appfa.exe
O4 - HKLM\..\RunOnce: [netaz.exe] C:\WINDOWS\netaz.exe
O4 - HKLM\..\RunOnce: [apiiw.exe] C:\WINDOWS\apiiw.exe
O4 - HKLM\..\RunOnce: [ipqh.exe] C:\WINDOWS\system32\ipqh.exe
O4 - HKLM\..\RunOnce: [apint32.exe] C:\WINDOWS\system32\apint32.exe
O4 - HKLM\..\RunOnce: [javaco.exe] C:\WINDOWS\system32\javaco.exe
O4 - HKLM\..\RunOnce: [mfcvb32.exe] C:\WINDOWS\system32\mfcvb32.exe
O4 - HKLM\..\RunOnce: [atlfx.exe] C:\WINDOWS\atlfx.exe
O4 - HKLM\..\RunOnce: [addig.exe] C:\WINDOWS\addig.exe
O4 - HKLM\..\RunOnce: [netmq32.exe] C:\WINDOWS\netmq32.exe
O4 - HKLM\..\RunOnce: [apiem.exe] C:\WINDOWS\system32\apiem.exe
O4 - HKLM\..\RunOnce: [sysxd32.exe] C:\WINDOWS\sysxd32.exe
O4 - HKLM\..\RunOnce: [ipvf32.exe] C:\WINDOWS\ipvf32.exe
O4 - HKLM\..\RunOnce: [d3bl32.exe] C:\WINDOWS\d3bl32.exe
O4 - HKLM\..\RunOnce: [nttk32.exe] C:\WINDOWS\system32\nttk32.exe
O4 - HKLM\..\RunOnce: [mfced32.exe] C:\WINDOWS\mfced32.exe
O4 - HKLM\..\RunOnce: [ipix32.exe] C:\WINDOWS\system32\ipix32.exe
O4 - HKLM\..\RunOnce: [ntnr32.exe] C:\WINDOWS\ntnr32.exe
O4 - HKLM\..\RunOnce: [addih32.exe] C:\WINDOWS\addih32.exe
O4 - HKLM\..\RunOnce: [mfcee.exe] C:\WINDOWS\system32\mfcee.exe
O4 - HKLM\..\RunOnce: [javato.exe] C:\WINDOWS\system32\javato.exe
O4 - HKLM\..\RunOnce: [winzp.exe] C:\WINDOWS\winzp.exe
O4 - HKLM\..\RunOnce: [mfcjt.exe] C:\WINDOWS\system32\mfcjt.exe
O4 - HKLM\..\RunOnce: [sdkho.exe] C:\WINDOWS\sdkho.exe
O4 - HKLM\..\RunOnce: [appac32.exe] C:\WINDOWS\appac32.exe
O4 - HKLM\..\RunOnce: [mfczp.exe] C:\WINDOWS\mfczp.exe
O4 - HKLM\..\RunOnce: [addyf.exe] C:\WINDOWS\system32\addyf.exe
O4 - HKLM\..\RunOnce: [mspf.exe] C:\WINDOWS\system32\mspf.exe
O4 - HKLM\..\RunOnce: [sysro.exe] C:\WINDOWS\sysro.exe
O4 - HKLM\..\RunOnce: [ntby32.exe] C:\WINDOWS\ntby32.exe
O4 - HKLM\..\RunOnce: [winwi.exe] C:\WINDOWS\winwi.exe
O4 - HKLM\..\RunOnce: [winrr.exe] C:\WINDOWS\winrr.exe
O4 - HKLM\..\RunOnce: [apicn.exe] C:\WINDOWS\system32\apicn.exe
O4 - HKLM\..\RunOnce: [syskj.exe] C:\WINDOWS\system32\syskj.exe
O4 - HKLM\..\RunOnce: [ntxy32.exe] C:\WINDOWS\ntxy32.exe
O4 - HKLM\..\RunOnce: [ntzs32.exe] C:\WINDOWS\ntzs32.exe
O4 - HKLM\..\RunOnce: [mfcwc.exe] C:\WINDOWS\mfcwc.exe
O4 - HKLM\..\RunOnce: [javagu.exe] C:\WINDOWS\javagu.exe
O4 - HKLM\..\RunOnce: [apiqs.exe] C:\WINDOWS\system32\apiqs.exe
O4 - HKLM\..\RunOnce: [ntgc.exe] C:\WINDOWS\system32\ntgc.exe
O4 - HKLM\..\RunOnce: [appfj.exe] C:\WINDOWS\system32\appfj.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Temp\topr1150_script0.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0631ccf5b9fa43f55e22/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: icoo - {2CC63CCE-A945-4D6A-9FA0-3669D7C3C22C} - C:\Program Files\ICOO Loader\addons7\icoourl.dll
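
As an added example (not part of the original thread and not HijackThis's own code), here is a small Python parser for the log format posted above. It lists the Internet Explorer page settings (R0/R1 lines) whose data is a res:// URL, which is the symptom described in this thread, and counts O4 autostart entries per location. The function names are hypothetical, and the sample is a handful of lines excerpted from the log above.

```python
import re
from collections import Counter

# A few lines excerpted from the HijackThis log posted above (trimmed sample).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\danfd.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://danfd.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\RunOnce: [sdkwb32.exe] C:\WINDOWS\sdkwb32.exe
O4 - HKLM\..\RunOnce: [d3de32.exe] C:\WINDOWS\system32\d3de32.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
"""

# "<section code> - <body>", e.g. "R1 - ..." or "O4 - ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# R0/R1 body: "<registry key>,<value name> = <data>"
IE_VALUE_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>.+?) = (?P<data>.*)$")


def parse_entries(text):
    """Return (section_code, body) for every 'R1 - ...' / 'O4 - ...' style line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def res_hijacks(entries):
    """List R0/R1 (IE start/search page) values whose data is a res:// URL."""
    hits = []
    for code, body in entries:
        m = IE_VALUE_RE.match(body) if code in ("R0", "R1") else None
        if not m or not m.group("data").lower().startswith("res://"):
            continue
        # res://<module>/<resource>: the module may be a bare name or a full path
        module = m.group("data")[len("res://"):].split("/", 1)[0]
        hits.append({
            "key": m.group("key"),
            "value": m.group("value"),
            "module": module.rsplit("\\", 1)[-1].lower(),
        })
    return hits


def autostart_counts(entries):
    """Count O4 autostart entries per location (Run, RunOnce, Global Startup...)."""
    return Counter(body.split(": ", 1)[0] for code, body in entries if code == "O4")


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    for hit in res_hijacks(found):
        print(f"{hit['value']!r} under {hit['key']} -> {hit['module']}")
    for location, count in autostart_counts(found).items():
        print(f"{location}: {count} autostart entries")
```

Run against a full log, the module names it reports are the files to look up before anything is removed; the counts only summarize how many entries each autostart location holds and do not classify them.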

0

Click here to download and install Registrar Lite. Install, run, copy and paste this line to reglite's address bar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

and hit the "go" tab. Find the "Appinit_Dlls" value on the right side panel, double-click it, then copy and post here the information in the 'Value' field.

Click here or here to download FindnFix.exe (2K/XP only!) by freeatlast. Double-click on FINDnFIX.exe and it will install a folder called FINDnFIX on your system. Go to that folder and double-click on !LOG!.bat. The program takes a few minutes to collect the necessary information. When done, post the contents of Log.txt here.

0

There is no such thing called AppInit_DLLs on there. By the way, I use Ad-Aware and scan. All the problems get fixed, the whole IE is good, but 1 minute later IE gets hijacked again by res:// and it goes crazy again. PLEASE HELP!!!!

Below is the log.txt:

»»»»»»»»»»»»»»»»»»*** freeatlast100.100free.com ***»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»*** Read this first! ***»»»»»»»»»»»»»»»»
Due to errors on various message boards I made some changes.
You must know how to ID the file based on the filters provided in
the scan, as not all the files flagged are bad.
If you make a mistake or use the wrong guidance, it is completely
your responsibility and the helper that assists you.
If you are not sure about the nature of the file or how
to proceed, I suggest you research it first before attempting
to remove any *unknown file on your own.
*For Helpers and/or users that are not familiar with any of the
items on the scan results- I recommend using an alternative, once
you know what to look for!
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
--The directory 'junkxxx' is now included as a Subfolder in the FINDnfix folder
and is the destination for the file to be moved..
-*Previous directions will no longer work...
»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»

Microsoft Windows XP [Version 5.1.2600]
»»»IE build and last SP(s)
6.0.2800.1106 SP1-Q810847-Q813951-Q837009-Q832894-Q831167
The type of the file system is NTFS.
C: is not dirty.

Sat 07/10/2004
10:06pm up 0 days, 0:48

»»»»»»»»»»»»»»»»»»***LOG!***(*modified 7/8)»»»»»»»»»»»»»»»»

Scanning for file(s)...
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»» (*1*) »»»»» .........
»»Locked or 'Suspect' file(s) found...


»»»»» (*2*) »»»»»........
**File C:\FINDnFIX\LIST.TXT

»»»»» (*3*) »»»»»........

No matches found.

unknown/hidden files...

C:\WINDOWS\SYSTEM32\
ersii.dll Fri Jun 4 2004 5:26:06p A.SH. 67,584 66.00 K
xsycj.dll Wed Jun 30 2004 3:29:34p A.SH. 67,584 66.00 K

2 items found: 2 files, 0 directories.
Total of file sizes: 135,168 bytes 132.00 K

»»»»» (*4*) »»»»».........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\ERSII.DLL
Sniffed -> C:\WINDOWS\SYSTEM32\XSYCJ.DLL

»»»»»(*5*)»»»»»
**File C:\WINDOWS\SYSTEM32\DLLXXX.TXT

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»»Search by size...


No matches found.

No matches found.

No matches found.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.


»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 398

»»Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM


»»Member of...: (Admin logon required!)
User is a member of group COMPUTER\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group \LOCAL.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.

»» Service search:(different variant) '"Network Security Service","__NS_Service_3"...

[SC] GetServiceKeyName SUCCESS
Name = __NS_Service_3
[SC] GetServiceDisplayName SUCCESS
Name = Network Security Service

»»Notepad check....

C:\WINDOWS\
notepad.exe Thu Aug 29 2002 5:00:00a A.... 66,048 64.50 K

1 item found: 1 file, 0 directories.
Total of file sizes: 66,048 bytes 64.50 K

No matches found.

No matches found.


»»»»»»Backups created...»»»»»»
10:08pm up 0 days, 0:50
Sat 07/10/2004

A C:\FINDnFIX\keyback.hiv
--a-- - - - - - 8,192 07-10-2004 keyback.hiv
A C:\FINDnFIX\keys1\winkey.reg
--a-- - - - - - 268 07-10-2004 winkey.reg

C:\FINDNFIX\
JUNKXXX Sat Jul 10 2004 10:06:22p .D... <Dir>

1 item found: 0 files, 1 directory.

»»Performing string scan....
00001150: vk UDeviceNotSelecte
00001190:dTimeout 1 5 ( h vk ' zGDIProce
000011D0:ssHandleQuota" 9 0 =t vk Spooler2
00001210: y e s _ vk 5swapdisk h
00001250: X vk . TransmissionRetryTimeout vk
00001290: ' P USERProcessHandleQuota4 h X
000012D0: (
00001310:
00001350:
00001390:
000013D0:
00001410:
00001450:
00001490:
000014D0: d& [& 1 = 1
00001510: = q (
00001550: To display the help of IME Pad, please use the file Pintlpad
00001590:e.chm or invoke help while IME Pad is activated. 1 =
000015D0: 1 e ; 4 ;

---------- WIN.TXT
--------------
--------------
No strings found.

--------------
--------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

A handle was successfully obtained for the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
This key has 0 subkeys.
The AppInitDLLs value entry was NOT found!

0

AppInitDLLs must exist as you have XP. Did you mean that there was no value there?

Download About:buster from http://downloads.subratam.org/AboutBuster.zip and unzip it to your desktop.

Click here for instructions on how to boot into safe mode.

Boot up in safe mode.

Run About:buster, click OK, Start, and OK again to start the scan. Let it scan and fix everything it finds.

Reboot your computer in normal mode.

0

I did what you told me. Yes, there is no AppInitDLLs, like it says at the bottom of the log.txt. It says:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

A handle was successfully obtained for the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key.
This key has 0 subkeys.
The AppInitDLLs value entry was NOT found!
