Posts posted by zizou


  1. My current Gigabyte motherboard BIOS version doesn't support the Opteron 170 CPU that I am going to install. So it is necessary that I flash my BIOS before I install the CPU.

     

    Now the question is, how do I flash my BIOS without a floppy drive? My motherboard supports Q-Flash, so flashing is a lot easier. However, it still requires a floppy disk. I have read from other sources about burning a floppy disk image onto a CD-R, and burning the new BIOS version together onto the CD-R, so the CD acts like a floppy. Any suggestions?


  2. You need to install the driver before the system will see it, if you tell us what make\model your motherboard is we can direct you to them, but probably 80% or more of your devices will be installed when you install the chipset drivers, but that depends on what board\driver it uses, but if it uses the nForce drivers they install most everything, or else as I said above get and run Everest and it will tell you everything you have on your system.

     

    My motherboard is Gigabyte K8NF-9, not sure what revision it is. So I guess I can install the default mobo drivers that came with the packaging? Or go to http://www.giga-byte.com/Support/Motherboa...?ProductID=1860 and download the LAN drivers?


  3. I'll put money on you needing to install drivers, if you reformatted and haven't installed the drivers that's why you can't get out, odds on you need to install at least your Ethernet driver then you should connect fine, check under your device manager in the control panel and you will see just what needs installing, just go to the manufacturer's site and find the item you need and download the driver, save it to disk and swap it to the new install and install it, if you need help identifying what hardware you have download Everest from majorgeeks and that will tell you what you have.

     

    OK, I have a question. In both Network Connections and Device Manager, only the 1394 adaptor is showing. So how do I install drivers for a device which isn't showing?


  4. I'll put money on you needing to install drivers, if you reformatted and haven't installed the drivers that's why you can't get out, odds on you need to install at least your Ethernet driver then you should connect fine, check under your device manager in the control panel and you will see just what needs installing, just go to the manufacturer's site and find the item you need and download the driver, save it to disk and swap it to the new install and install it, if you need help identifying what hardware you have download Everest from majorgeeks and that will tell you what you have.

     

    OK, thx a million for your suggestion. I'll see if this works and I will post back :)


  5. Onboard or not, the NIC needs a driver.

     

    What make and model motherboard/computer/etc?

     

    The 1394 Net Adapter in the screenshot is a firewire connection. Does the device manager show an ethernet adapter under Network Adapters?

     

    What does the cable that plugs into the computer from the router look like, this:

     

    post-9930-1193122263_thumb.jpg

     

    or this:

     

    post-9930-1193122398_thumb.jpg

    If the cable from the router/modem looks like the bottom cable, that is an ethernet cable that is plugging into an ethernet adapter that should be showing in both the device manager and network connections. If there is no ethernet adapter showing, the next step is to find and install the driver.

     

    My motherboard is Gigabyte GA-K8NF-9, not sure what revision.

     

    Device manager and Network Connections only show the 1394 adapter.

     

    My cable looks like the bottom one. So do I go to download the LAN drivers in here - http://www.giga-byte.com/Support/Motherboa...?ProductID=1860?


  6. I have just formatted my entire computer, and now I have problems getting connected to the internet.

    Here's the story:

     

    Upon installing a fresh copy of Windows XP SP2, I opened IE and typed '192.168.0.1' in the url bar, as that was the url for my router configurations. However this appeared: http://img148.imageshack.us/img148/1750/19216801wj5.th.jpg

     

    I then unplugged my router and connected my modem directly to my computer instead. I reset my modem via a switch on the hardware, and I installed the ADSL utility on my computer. This was what happened after I clicked on the 'diagnostic test': http://img91.imageshack.us/img91/5493/adslem4.th.jpg

     

    I have tried to set up a new connection via network connections manually, but it all seems like my network adapter isn't being detected. But I have checked my hardware list through 'device manager' and my network adapter is working fine. This is what is showing in my 'Network Connections': http://img528.imageshack.us/img528/2795/ne...tionsjh3.th.jpg

     

    I am using a Netgear router and an Aztech ADSL modem. My internet access was perfectly fine before I formatted my computer. Anyone have any idea what is wrong? Help pls?


  7. I have just formatted my entire computer, and now I have problems getting connected to the internet.

    Here's the story:

     

    Upon installing a fresh copy of Windows XP SP2, I opened IE and typed '192.168.0.1' in the url bar, as that was the url for my router configurations. However this appeared: http://img148.imageshack.us/img148/1750/19216801wj5.th.jpg

     

    I then unplugged my router and connected my modem directly to my computer instead. I reset my modem via a switch on the hardware, and I installed the ADSL utility on my computer. This was what happened after I clicked on the 'diagnostic test': http://img91.imageshack.us/img91/5493/adslem4.th.jpg

     

    I have tried to set up a new connection via network connections manually, but it all seems like my network adapter isn't being detected. But I have checked my hardware list through 'device manager' and my network adapter is working fine. This is what is showing in my 'Network Connections': http://img528.imageshack.us/img528/2795/ne...tionsjh3.th.jpg

     

    I am using a Netgear router and an Aztech ADSL modem. My internet access was perfectly fine before I formatted my computer. Anyone have any idea what is wrong? Help pls?


  8. hello,

     

    try visiting this link

     

    CAUTION: Once downloaded, running this script changes your registry settings. Shogan

     

    http://www.dougknox.com/xp/scripts/xp_folder_open.vbs

     

    when you see finished!! at the bottom, try opening your drives again.

     

    let us know if it fixes it.

     

    Doesn't help...

     

    For everyone's info: This problem arose only after I removed several adwares, trojans and crappy stuff from my comp using Ewido anti-spyware. I think it could be due to the program removing an infected file which was required for my drives to open normally. My 1 cents' worth..


  9. Hi there,

     

    When I open My Computer and double click on any one of my drives to enter it, an 'Open With' menu would appear instead. The only way I can access my drives is by right-clicking on a drive and selecting 'Explore' to open it. What should I do to be able to open my drives directly once again via double-clicking on them?


  10. Well, one of the reasons for my reluctance to install anti-virus programs is that they take up resources and they conflict with many programs. Moreover, my computer was absolutely fine and clean before I disconnected the router and connected to the internet via my modem only. This, I believe, was what caused my computer to be attacked so severely.

     

    Btw, pcast is a tv streaming program. I don't think it's the podcastbar thing. I uninstalled pcast long ago.


  11. Well, I did an ewido scan and it detected winupdate.exe as a malicious adware, so I removed it.

     

    I am also unable to find the 37211.dll file.

     

    So here's the HJT log

     

    Logfile of HijackThis v1.99.1

    Scan saved at 13:40, on 06-08-27

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    D:\program files\powerstrip\pstrip.exe

    D:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\WINDOWS\System32\svchost.exe

    D:\Program Files\HJT\HijackThis.exe

     

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PowerStrip] d:\program files\powerstrip\pstrip.exe

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152324366890

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BEBB5088-E13A-4229-BA55-73E392119993}: NameServer = 165.21.83.88,165.21.100.88

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Update Service For Windows (winupdate) - Unknown owner - C:\WINDOWS\winupdate.exe (file missing)


  12. Btw I am behind a router (which is a firewall by itself), and I frequently use online anti-virus scans like Panda and Housecall, so I don't feel I need any anti-virus programs.

     

    PS: D:\Program Files\pcast

    D:\Program Files\Hacking\GM51.exe

    D:\Program Files\Hacking\Msn freezer\IceCold ReLoaded.exe

     

    The above files are legitimate so there's no need to remove them.


  13. Here is the HJT log:

     

    Logfile of HijackThis v1.99.1

    Scan saved at 10:51, on 06-08-27

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    D:\program files\powerstrip\pstrip.exe

    D:\Program Files\ewido anti-spyware 4.0\guard.exe

    C:\WINDOWS\winupdate.exe

    C:\WINDOWS\System32\svchost.exe

    D:\Program Files\Opera\Opera.exe

    D:\Program Files\HJT\HijackThis.exe

     

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINDOWS\system32\37211.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [PowerStrip] d:\program files\powerstrip\pstrip.exe

    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152324366890

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BEBB5088-E13A-4229-BA55-73E392119993}: NameServer = 165.21.83.88,165.21.100.88

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Update Service For Windows (winupdate) - Unknown owner - C:\WINDOWS\winupdate.exe


  14. Here is the comboFix log:

     



  15. Download the following XP File Association Fix:

    http://www.dougknox.com/xp/fileassoc/xp_regfile.zip

    Extract it to the Desktop to a folder of its own

    To run, double Click on the exe file in the folder.

    Follow the prompts

     

    Restart the computer.

     

    Check to see if you can now open programs.

     

    ====

    Will get back with you later on the malware issue.

     

    That didn't help, but I fixed it on my own anyway. ;)
