Admin Rights Issue

Discussion in 'Windows XP' started by dapper_dave77, Feb 8, 2008.

  1. dapper_dave77

    dapper_dave77 Thread Starter

    Joined:
    Nov 18, 2007
    Messages:
    23
    Windows XP Home edition. Recently had to reinstall in case that might be relevant. I was trying to tidy up a bit by removing some programs from start up using msconfig. Will not allow me to do so and indicates I may have to log in with an account with admin rights. I am using an account set up as computer admin. Any ideas? Do I need to boot up in safe mode to do these maintenance things? I had no problems like this before.

    Thanks very much

    Dave
     
  2. dapper_dave77

    dapper_dave77 Thread Starter

    Follow up. I started up in safe mode and logged in as administrator user (which only shows up in safe mode) and I was still unable to make changes using msconfig. I have googled many times, read many instances of this happening but I have found no solution. If anyone can help I would really appreciate it.

    thanks again
     
  3. dapper_dave77

    dapper_dave77 Thread Starter

    More info. In researching to attempt to find a solution I see a lot of posts relating to the problem being caused by Zone Alert or having an HP printer. I use McAfee and have a Lexmark printer, so I am still stuck and perplexed. Please help.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,474
    Hi,

    It could be malware related so let's investigate that possibility.


    Click here to download HJTsetup.exe.
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

    Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
     
  5. dapper_dave77

    dapper_dave77 Thread Starter

    Thank you for the response Cookie. Here is the hijack log file you requested. Let me know if there is anything else needed.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:25:38 PM, on 2/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Dave\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [A_MsnMonitor] "C:\Program Files\AwinSoft\MsnMonitor\MsnMonitor.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Global Startup: VTAgentReboot.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Around the World in 80 Days\Images\stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {8F4213B4-A970-4B3C-820D-343C693D5BF0} (SelfProvisioning.Wizard) - http://dsp02.eastlink.ca/SelfProvisioning.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Sunset Studio\Images\armhelper.ocx
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    --
    End of file - 7340 bytes

    Thanks again
     
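Added example, not part of the original posts and not a Tech Support Guy or HijackThis tool: a small Python triage pass over a HijackThis v2 log like the one above, showing how the section codes map to persistence points and which entries are worth a closer look. The helper names (`parse`, `triage`) and the hint rules are assumptions made for illustration; the hints are review prompts, not verdicts, since most entries are harmless or required.

```python
import re

# HijackThis v2 section codes that appear in the log above.
SECTIONS = {
    "R0": "IE start/search page value",
    "R3": "IE URLSearchHook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*)$")

# A few lines copied from the log posted above.
SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [A_MsnMonitor] "C:\Program Files\AwinSoft\MsnMonitor\MsnMonitor.exe"
O4 - Global Startup: VTAgentReboot.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""

def parse(log_text):
    """Return (code, detail) for every R*/O* entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def triage(entries):
    """Return (code, detail, hints) for entries that match a review heuristic."""
    findings = []
    for code, detail in entries:
        hints = []
        if "(no file)" in detail:
            hints.append("registered component whose file is missing")
        if "(no name)" in detail:
            hints.append("component registered without a display name")
        if code == "O23" and "Unknown owner" in detail:
            hints.append("no vendor name could be read from the service binary")
        if code == "O4":
            run = re.search(r"Run: \[[^\]]*\] (.+)$", detail)
            if run and ":\\" not in run.group(1):
                hints.append("Run value has no full path; resolved via search order")
            if re.search(r"Startup: ([^=]+\.exe)$", detail, re.I):
                hints.append("executable sits directly in a Startup folder, not a shortcut")
        if hints:
            findings.append((code, detail, hints))
    return findings

if __name__ == "__main__":
    for code, detail, hints in triage(parse(SAMPLE)):
        print(f"[{code}] {SECTIONS.get(code, 'other')}: {detail}")
        for h in hints:
            print(f"    review: {h}")
```
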
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know.
     
  7. dapper_dave77

    dapper_dave77 Thread Starter

    Thanks for the reply Cookie. I was preparing to go the ComboFix route but then started getting nervous about possibly messing up the machine as a result. I just did a reinstall before Christmas and want to avoid that. Actually in preparing to do the ComboFix thing I set up the Windows Recovery thing which shows up as an option now when I boot up. Do you know how I get rid of that? And as far as the initial problem, is there an alternative to ComboFix?

    Thanks for the help


    Dave
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    It's a good thing to have the recovery console installed so you really should leave it even if you don't want to use ComboFix. If something goes wrong and the machine crashes, you usually can boot to the recovery console and fix the problem.

    We'll try with other tools but it would be best to run ComboFix as it has built-in features to handle many specific infections that are running rampant.


    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Processes group click ALL
    • In the Win32 Services group click ALL
    • In the Driver Services group click ALL
    • In the Registry group click ALL
    • In the Files Created Within group click 60 days. Make sure Non-Microsoft only is UNCHECKED.
    • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is UNCHECKED.
    • In the File String Search group click SELECT ALL
    • In the Additional Scans section please press Select ALL and make sure Non-Microsoft only is UNCHECKED.
    • Now click the Run Scan button on the toolbar.
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
    Please upload the resulting log here as an attachment. To do that, open a reply dialogue box and click on "manage attachments" then click on "browse" to locate the file on your computer, open it, click on "upload" to upload it and then submit your reply.
     
  9. dapper_dave77

    dapper_dave77 Thread Starter

    File attached. Again, thanks !
     

  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Also, did you install MsnMonitor intentionally?
     
  11. dapper_dave77

    dapper_dave77 Thread Starter

    I have had that now for over a year. I purchased the software.
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Disconnect from the Internet and disable your anti-virus and firewall programs. Be sure to remember to re-start them before going on-line again.

    Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. Copy and paste the information in the box below into the pane where it says "Paste fix here" and then click the Run Fix button. The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

    Post the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log) back here along with a new HijackThis log please.


    Code:
    [Kill Explorer]
    [Registry - All]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    YN ->  -> %AllUsersStartup%\VTAgentReboot.exe
    [Registry - Additional Scans - All]
    < Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
    YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk -> %SystemDrive%\PROGRA~1\PALTAL~1\palstart.exe
    YN -> C:^Documents and Settings^Home^Start Menu^Programs^Startup^Aliant1.lnk -> 
    [Files/Folders - Created Within 60 days]
    NY -> iWin -> %UserAppData%\iWin
    [Files/Folders - Modified Within 30 days]
    NY -> palsound.txt -> %SystemDrive%\palsound.txt
    NY -> @Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:01267597
    NY -> @Alternate Data Stream - 120 bytes -> %AllUsersAppData%\TEMP:05816AFA
    NY -> @Alternate Data Stream - 114 bytes -> %AllUsersAppData%\TEMP:10B7A752
    NY -> @Alternate Data Stream - 121 bytes -> %AllUsersAppData%\TEMP:12B6A5EC
    NY -> @Alternate Data Stream - 117 bytes -> %AllUsersAppData%\TEMP:1CB8D545
    NY -> @Alternate Data Stream - 111 bytes -> %AllUsersAppData%\TEMP:2A5F63D2
    NY -> @Alternate Data Stream - 114 bytes -> %AllUsersAppData%\TEMP:3C2F0B53
    NY -> @Alternate Data Stream - 125 bytes -> %AllUsersAppData%\TEMP:407C89D2
    NY -> @Alternate Data Stream - 99 bytes -> %AllUsersAppData%\TEMP:48F0FFF8
    NY -> @Alternate Data Stream - 130 bytes -> %AllUsersAppData%\TEMP:492679C1
    NY -> @Alternate Data Stream - 125 bytes -> %AllUsersAppData%\TEMP:4C49306C
    NY -> @Alternate Data Stream - 104 bytes -> %AllUsersAppData%\TEMP:4D066AD2
    NY -> @Alternate Data Stream - 105 bytes -> %AllUsersAppData%\TEMP:4F0CDE51
    NY -> @Alternate Data Stream - 98 bytes -> %AllUsersAppData%\TEMP:54362937
    NY -> @Alternate Data Stream - 105 bytes -> %AllUsersAppData%\TEMP:557AD709
    NY -> @Alternate Data Stream - 121 bytes -> %AllUsersAppData%\TEMP:59120004
    NY -> @Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:5EE1C11F
    NY -> @Alternate Data Stream - 130 bytes -> %AllUsersAppData%\TEMP:615435BE
    NY -> @Alternate Data Stream - 94 bytes -> %AllUsersAppData%\TEMP:64265738
    NY -> @Alternate Data Stream - 115 bytes -> %AllUsersAppData%\TEMP:6468C896
    NY -> @Alternate Data Stream - 95 bytes -> %AllUsersAppData%\TEMP:6AA4326A
    NY -> @Alternate Data Stream - 106 bytes -> %AllUsersAppData%\TEMP:6C651D63
    NY -> @Alternate Data Stream - 116 bytes -> %AllUsersAppData%\TEMP:7CACEF61
    NY -> @Alternate Data Stream - 103 bytes -> %AllUsersAppData%\TEMP:8DD623B3
    NY -> @Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:949483BD
    NY -> @Alternate Data Stream - 121 bytes -> %AllUsersAppData%\TEMP:95B8F7F6
    NY -> @Alternate Data Stream - 105 bytes -> %AllUsersAppData%\TEMP:9615F95C
    NY -> @Alternate Data Stream - 97 bytes -> %AllUsersAppData%\TEMP:96A96205
    NY -> @Alternate Data Stream - 114 bytes -> %AllUsersAppData%\TEMP:9A7901A9
    NY -> @Alternate Data Stream - 105 bytes -> %AllUsersAppData%\TEMP:9B52F176
    NY -> @Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:9F405A6B
    NY -> @Alternate Data Stream - 114 bytes -> %AllUsersAppData%\TEMP:A42A9F39
    NY -> @Alternate Data Stream - 111 bytes -> %AllUsersAppData%\TEMP:A4FA68AD
    NY -> @Alternate Data Stream - 99 bytes -> %AllUsersAppData%\TEMP:A518B662
    NY -> @Alternate Data Stream - 110 bytes -> %AllUsersAppData%\TEMP:A696643D
    NY -> @Alternate Data Stream - 107 bytes -> %AllUsersAppData%\TEMP:AC707B50
    NY -> @Alternate Data Stream - 116 bytes -> %AllUsersAppData%\TEMP:ACC4D789
    NY -> @Alternate Data Stream - 133 bytes -> %AllUsersAppData%\TEMP:ADE16379
    NY -> @Alternate Data Stream - 97 bytes -> %AllUsersAppData%\TEMP:B1360D6D
    NY -> @Alternate Data Stream - 117 bytes -> %AllUsersAppData%\TEMP:B79CA233
    NY -> @Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:BA5B6FAE
    NY -> @Alternate Data Stream - 115 bytes -> %AllUsersAppData%\TEMP:C3A3575A
    NY -> @Alternate Data Stream - 118 bytes -> %AllUsersAppData%\TEMP:C9BFB71E
    NY -> @Alternate Data Stream - 110 bytes -> %AllUsersAppData%\TEMP:D0FE4463
    NY -> @Alternate Data Stream - 108 bytes -> %AllUsersAppData%\TEMP:D109DC55
    NY -> @Alternate Data Stream - 109 bytes -> %AllUsersAppData%\TEMP:D31BE97C
    NY -> @Alternate Data Stream - 120 bytes -> %AllUsersAppData%\TEMP:D60A53F0
    NY -> @Alternate Data Stream - 108 bytes -> %AllUsersAppData%\TEMP:E6EA2A3B
    NY -> @Alternate Data Stream - 123 bytes -> %AllUsersAppData%\TEMP:EA01899E
    NY -> @Alternate Data Stream - 101 bytes -> %AllUsersAppData%\TEMP:EA2FBCA1
    NY -> @Alternate Data Stream - 99 bytes -> %AllUsersAppData%\TEMP:EB6CB455
    NY -> @Alternate Data Stream - 123 bytes -> %AllUsersAppData%\TEMP:F00E008B
    NY -> @Alternate Data Stream - 131 bytes -> %AllUsersAppData%\TEMP:F65733F1
    NY -> @Alternate Data Stream - 117 bytes -> %AllUsersAppData%\TEMP:F951183D
    NY -> @Alternate Data Stream - 100 bytes -> %AllUsersAppData%\TEMP:FDA55117
    NY -> iWin -> %UserAppData%\iWin
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]
     
  13. dapper_dave77

    dapper_dave77 Thread Starter

    Tried to Run Fix as instructed in WinPFind3U and kept getting a Not Responding message. Tried 3 times. Will give it another try tomorrow and post results if it works.

    Thanks
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Try running it in safe mode.
     