1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

help if possible plz

Discussion in 'Windows XP' started by el3nif, Jun 28, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. el3nif

    el3nif Thread Starter

    Joined:
    Jun 28, 2007
    Messages:
    4
    hey am looking for some help if anyone could help out it would really nice
    when i turn on my pc,when the welcome screen shows up b4 entering windows 2 pop sounds come up and i get a msg saying windows cant open C:\PROGRA~1\INSTAL~1\{ACE66~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{ACE66~1\reboot.ini -l0x9........then another same msg saying windows cant open C:\PROGRA~1\INSTAL~1\{D5068~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{D5068~1\reboot.ini -l0x9 this never happend with and i didnt erase anything or remove any program....can any one help out
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTsetup.exe:

    http://www.thespykiller.co.uk/index.php?action=tpmod;dl=item5

    Scroll down to the download section where the download button is

    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. el3nif

    el3nif Thread Starter

    Joined:
    Jun 28, 2007
    Messages:
    4
    Logfile of HijackThis v1.99.1
    Scan saved at 11:07:21 AM, on 6/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Advanced Registry Doctor\RegManServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    C:\Program Files\Lexmark 2300 Series\ezprint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\lxcgcoms.exe
    C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
    O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{ACE66~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{ACE66~1\reboot.ini -l0x9
    O4 - HKLM\..\RunOnce: [InstallShieldSetup1] C:\PROGRA~1\INSTAL~1\{D5068~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{D5068~1\reboot.ini -l0x9
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DA00E912-AC7D-4039-817F-A5DCB945FE47}: NameServer = 4.5.6.7 4.5.6.7
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HiJackThis – mark them, close IE, click fix checked

    O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{ACE66~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{ACE66~1\reboot.ini -l0x9

    O4 - HKLM\..\RunOnce: [InstallShieldSetup1] C:\PROGRA~1\INSTAL~1\{D5068~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{D5068~1\reboot.ini -l0x9
     
  5. el3nif

    el3nif Thread Starter

    Joined:
    Jun 28, 2007
    Messages:
    4
    hey first of all thanks for the help ........but it didnt work.....i did like u said...i opened the hijack this....scanned.....checked the 2 boxes u indicated....closed the IE and clicked on fix selected....then restarted the pc....same thing happened....2 pop sounds on startup....
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Post a new hijack log
     
  7. weazle

    weazle

    Joined:
    Feb 18, 2008
    Messages:
    1
    My wife has this issue as well, but we have SpyBot SD installed and it stops this registry change with a popup asking us to deny or accept this change... so I had her say "Deny" and several others came up and after looking at the entire registry keys, I saw that it was all related to her remote login process into Ford Company's remote login software which uses Cache Cleaner upon logging in and logging out for security purposes.

    Do you do something similar? Or use Cache Cleaner? One of the things that our SpyBot SD tells us is whether the key is being added or removed. In our case, the "[InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{ACE66~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{ACE66~1\reboot.ini -l0x9"

    was being deleted... so no harm there!

    Hopefully this was helpful, if not.... well.... "you can fart in my general direction!" (Monty Python reference!):p

    Later
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/589659

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice