PC Review



Help please. system32\printer.exe not found message

 
 
New Member
Join Date: Aug 2007
Posts: 8
 
      15th Aug 2007
Hi, I am running Windows XP and when I switch on I get the message `Windows cannot find C:\WINDOWS\system32\printer.exe.`
This message started appearing after I hooked a virus (trojan horse downloader, trojan horse exploit downloader, trojan horse generic 6, as listed in my AVG free edition virus vault), which I've since done scans with AVG, Spybot Search and Destroy, AOL spyware protection and Windows Defender, removing several items.

Also when trying to remove errors using Windows Defender, I am getting errors 0x80508026, 0x80501001 and am unable to delete, then telling me to delete the archive they are in. Which I believe means editing the registry.

Microsoft help and support suggested that `cannot find C:\WINDOWS\system32\printer.exe` issue is due to incomplete removal of W32.KWBot.C.worm virus and suggests removing the virus completely from the registry.
However, the registry keys they suggested deleting I could not find...is it possible these keys have already been deleted or is it me looking wrong and should I continue with the rest of their instructions? I am fairly novice at this and am wary of deleting from the registry.

Also when I try to do certain tasks, e.g. add/remove programs, I get the message `this operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator`.

Also I have noticed that my control panel has disappeared from the start menu.

Otherwise everything else seems to be running ok.

Any help with this would be much appreciated. Thanks.
 
 
 
 
 
Captain Crunchie, Retired
muckshifter
Join Date: Mar 2002
Location: In a Hovel
Posts: 22,379
 
      15th Aug 2007
I suggest you download HijackThis and post a log file so we can take a look.

I also suggest you try a couple of on-line virus scanners.


Welcome to the forums.

 

“I am the dreadful menace. The one whose will is done. The haunting chill upon your neck. I am the Conundrum.”
 
 
 
 
 
New Member
Join Date: Aug 2007
Posts: 8
 
      16th Aug 2007
Hi, this attachment is my HijackThis log file. Thanks.
Attached Files
File Type: txt hijackthis2.txt (9.8 KB, 347 views)
 
 
Captain Crunchie, Retired
muckshifter
Join Date: Mar 2002
Location: In a Hovel
Posts: 22,379
 
      16th Aug 2007
You do have one nastie I can see, along with a lot of unnecessary/unknown loading programs ... suggest you get HJT to fix;


C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
I call it a nastie!! ... up to you

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
Crock of **** not on my PC ... up to you. I would uninstall

O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr220.dll (file missing)
Unknown application. However, it is unnecessary (deactivated) entry that can be fixed.

Google & Yahoo Toolbars ??? better to dump Yahoo

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
Not dangerous, but unnecessary. System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences ... Realplayer ain't allowed anywhere near my PCs

O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
Hmmm, not for me ... don't like it loading up

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169237850\ee\AOLSoftware.exe
Not dangerous, but unnecessary. Quoted from AOL Beta Team

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Not dangerous, but unnecessary. Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE ... are you Japanese/Chinese?

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Two of 'em loading ... see above

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Not dangerous, but unnecessary. InstallShield Update Service Scheduler; automatically searches for and performs any updates to the software so you’re always working with the most current version. Not required.

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Not dangerous, but unnecessary. InstallShield Update Service related; Automatically searches for and performs any updates to the software. Not required.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Not dangerous, but unnecessary. QuickTime, ugh!

O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\STUART NEWSTEAD\Application Data\findfast.exe
I'll sit on the fence, but I would not have it loading on my PCs

O4 - HKLM\..\Run: [LaserJet] C:\WINDOWS\system32\spoolvs.exe
Unsure to me... but have a look Here you decide, but I would be deleting it.

NOTE also
Quote:
... spoolsv.exe is a Microsoft Windows system executable which handles the printing process. This process is not critical to the running of the system but should not be terminated unless suspected of causing problems.

spoolsv.exe is a process registered as a backdoor vulnerability which may be installed for malicious purposes by an attacker allowing access to your computer from remote locations, stealing passwords, Internet banking and personal data. If unaccounted for, this process should be removed immediately.
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
OUCH! Nastie and a half ... must be fixed

O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
It ain't working, is it ... shame AOHell went and dumped Kaspersky for MCrapie ... do not fix with HJT, uninstall this crap.

O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\STUART NEWSTEAD\Application Data\findfast.exe
Again? it's loading twice ??

O4 - HKCU\..\Run: [LaserJet] C:\WINDOWS\system32\spoolvs.exe
oops ... again ??

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Nastie. To be fixed immediately!

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
This ain't MSN ... rename msmsgs.exe to msmsgs.sav ... that will stop this bugger from running.


Disclaimer: Modifying the registry can cause serious problems that may require you to reinstall your operating system. I cannot guarantee that problems resulting from modifications to the registry can be solved. Use the information provided at your own risk.



Please turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.



Good luck! You still have a Trojan or two on your system ...



 

“I am the dreadful menace. The one whose will is done. The haunting chill upon your neck. I am the Conundrum.”
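Added example, not part of the original thread and not the poster's own method: a small triage script that applies three of the checks made by eye in the review above to HijackThis O4/O7 lines (a name that imitates a system binary, an autorun launched from a user profile folder, and the DisableRegedit policy). The sample lines are constructed from entries quoted in the post, with the profile name replaced by USER; the list of system binaries and the edit-distance threshold are assumptions.

```python
import ntpath
import re

# Constructed sample: entries quoted in the post above, profile name replaced by USER.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\USER\Application Data\findfast.exe
O4 - HKLM\..\Run: [LaserJet] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Assumed short list of genuine XP system binaries whose names get imitated.
SYSTEM_BINARIES = {"spoolsv.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "ctfmon.exe", "csrss.exe", "smss.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+?), *(?P<value>\w+)=(?P<data>\d+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
PROFILE_RE = re.compile(r"\\(application data|local settings\\temp)\\", re.IGNORECASE)


def edit_distance(a, b):
    """Plain Levenshtein distance (a transposed pair of letters counts as 2)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_path(cmd):
    """Split the executable path from its arguments (quoted or unquoted form)."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def lookalike_of(basename):
    """Return the system binary this name nearly matches, or None if exact or unrelated."""
    name = basename.lower()
    if name in SYSTEM_BINARIES:
        return None
    for real in sorted(SYSTEM_BINARIES):
        if edit_distance(name, real) <= 2:  # assumed threshold
            return real
    return None


def triage(log_text):
    """Return (entry, reason) pairs for the O4/O7 lines that trip a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            real = lookalike_of(ntpath.basename(path))
            if real:
                findings.append((m.group("name"), f"name imitates {real}"))
            if PROFILE_RE.search(path):
                findings.append((m.group("name"), "autorun from user-writable profile folder"))
            continue
        m = O7_RE.match(line)
        if m and m.group("value").lower() == "disableregedit" and m.group("data") != "0":
            findings.append((m.group("value"), "registry editing blocked by policy"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry}: {reason}")
```

The WinAvXX.exe entry passes all three heuristics, so a script like this only narrows the list; each remaining autorun still has to be looked up by name, as was done in the post.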
 
 
New Member
Join Date: Aug 2007
Posts: 8
 
      16th Aug 2007
Hi, when I attempt to turn off System Restore, after I right click my computer and then click properties all I can get is "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator". Should I use HJT to fix first, before I turn off System Restore? Also, is it just a matter of ticking all of the items you listed above and clicking fix checked? I am assuming that I'm getting the above message when trying to turn off System Restore because of the bugs in the system. Sorry if I seem unsure as I am little more than a beginner.
Thanks again.
 
 
Captain Crunchie, Retired
muckshifter
Join Date: Mar 2002
Location: In a Hovel
Posts: 22,379
 
      16th Aug 2007
Yep, better see if you can get some control back with HJT fixes.



 

 
 
New Member
Join Date: Aug 2007
Posts: 8
 
      17th Aug 2007
Fix checked with HJT as you suggested above, but I still have no control panel in start menu, also can't use run control to access it, and am unable to use add/remove programs. Still can't access system restore.
Just getting the operation cancelled administrator message as stated above.
 
 
Captain Crunchie, Retired
muckshifter
Join Date: Mar 2002
Location: In a Hovel
Posts: 22,379
 
      17th Aug 2007
I suggest you do this ...

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Open the HijackThis Folder. Find the file HijackThis.exe, Right Click on the file and Select Rename. Rename Hijackthis.exe to Spyware.exe


After the above: ...

Please download ATF Cleaner by Atribune.
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program

Under Main choose: Select All
Click the Empty Selected button.

(NOTE: If you use Firefox or the Opera browser, to keep saved passwords click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.


Next ...

Download ComboFix from HERE to your Desktop, or a folder of choice.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you, combofix.txt.

Note: Do not move the mouse or click while it's running.
That may cause it to stall.


Next ...

Reboot and "copy/paste" a combofix.txt Log and a new HijackThis log file into this thread.



 

 
 
New Member
Join Date: Aug 2007
Posts: 8
 
      17th Aug 2007
Here is my combofix.txt log...

ComboFix 07-08-14.4 - "STUART NEWSTEAD" 2007-08-17 18:21:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.123 [GMT 1:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Redemption.ECF

((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))

2007-08-17 18:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 21:23 d-------- C:\DOCUME~1\STUART~1\.housecall6.6
2007-08-16 18:57 d-------- C:\Program Files\Lavasoft
2007-08-16 18:57 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-16 18:55 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-16 18:39 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-16 18:39 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-08-16 18:39 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-08-16 18:39 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-08-15 18:38 d-------- C:\Program Files\Uniblue
2007-08-13 19:39 51,206 --a------ C:\DOCUME~1\STUART~1\APPLIC~1\spoolsv.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-15 18:38 --------- d-------- C:\DOCUME~1\STUART~1\APPLIC~1\Uniblue
2007-07-27 17:34 --------- d-------- C:\Program Files\AOL 9.0a
2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-14 09:55 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-14 09:50 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-14 09:50 --------- d-------- C:\Program Files\Google
2007-07-14 09:47 --------- d-------- C:\DOCUME~1\STUART~1\APPLIC~1\MSNInstaller
2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 11:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2007-05-17 12:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-17 12:28 549376 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 12:06]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 16:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 13:08]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-18 19:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-16 13:38]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 10:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 13:35]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Pest Cleaning"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0a\aoltray.exe [2006-12-26 16:44:14]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Broadband Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Broadband Assistant.lnk
backup=C:\WINDOWS\pss\AOL Broadband Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

Contents of the 'Scheduled Tasks' folder
2007-08-17 16:41:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-07-04 12:11:21 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
2007-07-04 12:10:36 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 18:22:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-17 18:23:43
C:\ComboFix-quarantined-files.txt ... 2007-08-17 18:23
--- E O F ---


And here is my new HijackThis log...


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:32:28, on 17/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\AOL\1169237850\ee\aolsoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\AOL 9.0a\aoltray.exe
c:\program files\common files\aol\1169237850\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1169237850\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\STUART NEWSTEAD\My Documents\Spyware.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sonic.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8688 bytes

Thanks.
 
 
Captain Crunchie, Retired
muckshifter
Join Date: Mar 2002
Location: In a Hovel
Posts: 22,379
 
      17th Aug 2007
Nice-n-clean ... how is the PC running now ... ?



 

 
 
 
 