# Solved: Windows cannot find "copy.exe"



## onedavester

Symantec removed a Trojan from my Xp computer today along with copy.exe.

Now when I go to my computer and click on any of my hard drives, I get Windows cannot find "copy.exe". I can only access my hard drives via IE.


----------



## JSntgRvr

Hi, *onedavester* 

Welcome.

There is something strange about this.

*Click here* to download *HJTsetup.exe*

Save HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This. 
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Additional Tasks* dialogue.
Put a check by *Create a desktop icon* then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click *Finish* and it will launch Hijack This.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required. 

In addition, click *here* to download WinPFind.

Right Click the Zip Folder and Select "Extract All" 
Extract it somewhere you will remember like the Desktop 
Don't do anything with it yet!

*Reboot into Safe Mode*

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.


Double-click WinPFind.exe
Click "Start Scan" 
It will scan the entire System, so please be patient! 
Once the Scan is Complete, *restart the computer back in Normal Mode.* 
Go to the WinPFind folder 
Locate *WinPFind.txt*
Place those results in the next reply!


----------



## onedavester

Logfile of HijackThis v1.99.1
Scan saved at 6:53:33 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Dave\Desktop\Stick\HijackThis.exe

F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Registry Clean Expert\RegCleanExpert.exe" /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://portal.bassett.org/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139751853687
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4790/mcfscan.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A4CFFE9-3148-4C77-8B47-78A07CECCF0E}: NameServer = 12.189.32.61
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


----------



## onedavester

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/23/2001 9:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 5/17/2006 11:23:38 AM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
aspack 8/4/2004 1:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
PEC2 1/21/2006 12:09:50 PM 230400 C:\WINDOWS\SYSTEM32\tssOfficeMenu1d.ocx
PECompact2 1/21/2006 12:09:50 PM 230400 C:\WINDOWS\SYSTEM32\tssOfficeMenu1d.ocx
winsync 8/23/2001 9:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 12/5/2003 11:18:08 PM 101376 C:\WINDOWS\SYSTEM32\xvid.ax

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/12/2006 11:25:44 PM S 2048 C:\WINDOWS\bootstat.dat
8/12/2006 10:59:28 PM RH 749 C:\WINDOWS\WindowsShell.Manifest
8/12/2006 10:59:34 PM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
8/12/2006 11:00:12 PM HS 67 C:\WINDOWS\Fonts\desktop.ini
8/12/2006 10:59:36 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
8/12/2006 11:00:54 PM H 266240 C:\WINDOWS\repair\ntuser.dat
8/12/2006 4:49:26 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\044a6f562ca5290509d799bf41a52aed\BIT16.tmp
8/12/2006 4:53:32 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\05050b9994d820e7079f0c7c2a7a3e01\BIT1A.tmp
8/12/2006 4:57:38 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0da4d07f1c0daddae341154d5c5618e8\BIT1E.tmp
8/12/2006 4:58:38 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\12872a4fd5ad52aafc9035961c16e563\BIT1F.tmp
8/12/2006 5:14:16 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20cd36d7283b4940f5d55fba9d008bc7\BIT2E.tmp
8/12/2006 5:30:20 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2337f75b6cfb9c1756b2d48701476ee3\BIT3D.tmp
8/12/2006 5:21:46 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2599f89a22d2a65299ffec348453588c\BIT35.tmp
8/12/2006 4:52:30 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2991f70fec08210a301ba3d28684d595\BIT19.tmp
8/12/2006 5:18:34 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2bf1a26042bcc156c98a41e2105dfc3b\BIT32.tmp
8/12/2006 5:32:28 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2f8972f47c1980a533dc0f726730f789\BIT3F.tmp
8/12/2006 5:29:16 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\321ca12b9fa3a6e84c5208a19d84f4b9\BIT3C.tmp
8/12/2006 5:24:58 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\35cce4c0c04512d0bce9f3bf12fcbdee\BIT38.tmp
8/12/2006 5:15:20 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\36a2d56bfaf653641b67e8413870534a\BIT2F.tmp
8/12/2006 5:33:34 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3a84255fa53bf624e6efd81d8d5d3ebf\BIT40.tmp
8/12/2006 5:11:08 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3d1f1ef69c42658cd4588e972c54bb63\BIT2B.tmp
8/12/2006 5:31:24 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4507315e795e4b1a19374ad387e506fb\BIT3E.tmp
8/12/2006 5:05:54 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\550b1142f7e1f8ec32b1cdb4c5b12158\BIT26.tmp
8/12/2006 5:23:56 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\57bffbe98102c87c00d9009d1a21597a\BIT37.tmp
8/12/2006 5:22:50 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5b4fc36992d4aa37911376d5c1e0e6ff\BIT36.tmp
8/12/2006 5:26:02 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5ce82d6fe07555fb9de241d0a5a80347\BIT39.tmp
8/12/2006 5:36:48 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\67b903d652c691e53b3eb9a727375ac0\BIT43.tmp
8/12/2006 4:51:30 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6b06da40652f8ab972561e743ae05a96\BIT18.tmp
8/12/2006 4:48:26 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6d23b8f719dc5412ac7aeb7db3387c36\BIT15.tmp
8/12/2006 5:16:26 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\74eac9a4b069a45e3e4e8d162f3dd349\BIT30.tmp
8/12/2006 4:45:24 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\79a472c662fcaea1ff845b3a03de2d4f\BIT12.tmp
8/12/2006 5:17:30 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7a0b2e29d3aa48d4be478bc6a367b3b1\BIT31.tmp
8/12/2006 5:08:00 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7fb9a1dcd00c55662f93dcfc1b3ae0e6\BIT28.tmp
8/12/2006 4:47:24 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\837ee431df87226c3788bde39d0fd5c6\BIT14.tmp
8/12/2006 5:27:06 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8cba22abe8f75dc35995de26fee51cb5\BIT3A.tmp
8/12/2006 4:54:32 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8cd6b657df2be1875bba5acbd76b9294\BIT1B.tmp
8/12/2006 4:46:24 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\901d98c899726f2d1e49c234329550a9\BIT13.tmp
8/12/2006 5:00:42 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9068529eb9ffcb0374073e28df2ec7a6\BIT21.tmp
8/12/2006 5:28:12 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9abfb63b253fa152e6c1ba7c8a3b216f\BIT3B.tmp
8/12/2006 5:04:52 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9c6a857a536c230a49190993fc1c2a15\BIT25.tmp
8/12/2006 5:01:46 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a10059c9324422cfcb0f7ef897dbfc6d\BIT22.tmp
8/12/2006 5:10:06 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b644f487577711809366dbf3bb5f84d7\BIT2A.tmp
8/12/2006 4:42:22 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b698fa070be2bb519363d15b488fcca8\BITF.tmp
8/12/2006 5:03:50 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bd0c48d4592ffe3631c19bd04a50ac18\BIT24.tmp
8/12/2006 5:34:38 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c38f81748688325a9df6ee13850c72ae\BIT41.tmp
8/12/2006 4:56:36 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c8a4c951c3e8ab4dd628bb92a80adc33\BIT1D.tmp
8/12/2006 4:59:40 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c9ca23e0db0bf40b7c223d3803986f23\BIT20.tmp
8/12/2006 5:20:42 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ccf16a349964b0c1db2aca1fe8adaff2\BIT34.tmp
8/12/2006 4:41:36 PM H 333032 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\cf6711df6004b507aee20e828abd0934\BITE.tmp
8/12/2006 5:06:58 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\cf90e529267ca119c39465c951264b3a\BIT27.tmp
8/12/2006 5:02:48 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e0dc0b83689ce7b61aec9a92ab403ff5\BIT23.tmp
8/12/2006 4:43:22 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e248e6e6cf7cf235ca9adad589c1947a\BIT10.tmp
8/12/2006 4:44:22 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e2b4d3fe99fff743f9d3d64ed7c7e582\BIT11.tmp
8/12/2006 4:50:28 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e8aaf3d0f5a2a9436cb55a74f4d86214\BIT17.tmp
8/12/2006 5:09:04 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ead7837e90f144c8b951601ec9bcfe5a\BIT29.tmp
8/12/2006 5:35:42 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ecfce25a95ce63c5f2916759afdade7f\BIT42.tmp
8/12/2006 4:55:34 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f3e8876507c7f9f7533d48d28ca86168\BIT1C.tmp
8/12/2006 5:13:14 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fa4f65ff7c7106a46457f558c01dcc94\BIT2D.tmp
8/12/2006 5:12:10 PM H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fa998053d8f05286f86623337cfbdf24\BIT2C.tmp


----------



## onedavester

C:\WINDOWS\system32\cdplayer.exe.manifest
8/12/2006 10:59:34 PM RH 488 C:\WINDOWS\system32\logonui.exe.manifest
8/12/2006 10:59:28 PM RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
8/12/2006 10:59:28 PM RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
8/12/2006 10:59:28 PM RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
8/12/2006 10:59:34 PM RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
8/12/2006 10:59:28 PM RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
8/12/2006 5:55:32 PM H 0 C:\WINDOWS\system32\config\default.tmp.LOG
8/12/2006 5:55:32 PM H 0 C:\WINDOWS\system32\config\software.tmp.LOG
8/12/2006 5:55:08 PM H 0 C:\WINDOWS\system32\config\system.tmp.LOG
8/12/2006 5:55:02 PM H 1024 C:\WINDOWS\system32\config\TempKey.LOG
8/12/2006 5:55:32 PM H 1024 C:\WINDOWS\system32\config\userdiff.LOG
8/12/2006 11:00:58 PM H 1024 C:\WINDOWS\system32\config\userdifr.LOG
8/12/2006 12:29:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a9f405f3-85d6-477a-a873-a99f17c31460
8/12/2006 12:29:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
8/12/2006 11:24:40 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 9:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 9:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
3/9/2006 3:29:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/23/2001 9:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/27/2001 9:41:50 PM 287232 C:\WINDOWS\SYSTEM32\QuickTime.cpl
SiSoftware 6/24/2003 1:11:02 PM 53248 C:\WINDOWS\SYSTEM32\SanCpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 9:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 162304 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/23/2001 9:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/23/2001 9:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/23/2001 9:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/23/2001 9:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 162304 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl


----------



## onedavester

»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/12/2006 11:00:50 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/12/2006 9:57:48 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
2/12/2006 11:23:04 AM 419 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
2/11/2006 9:29:20 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
2/11/2006 4:18:00 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Evidence Eliminator
{B1816445-A3ED-11D3-B2B3-00104B4C6B08} = C:\WINDOWS\system32\Eeshellx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\shredderse
{00000000-0001-0001-0000-000000000000} = 
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Evidence Eliminator
{B1816445-A3ED-11D3-B2B3-00104B4C6B08} = C:\WINDOWS\system32\Eeshellx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\shredderse
{00000000-0001-0001-0000-000000000000} = 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0561EC90-CE54-4f0c-9C55-E226110A740C}
= C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
= "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console	: C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research	: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM	: C:\PROGRA~1\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
ButtonText = PartyPoker.com	: C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger	: C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address	: %SystemRoot%\system32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Evidence Eliminator	"C:\Program Files\Evidence Eliminator\ee.exe" /m
ElbyCheckElbyCDFL	"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
ccApp	"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray	C:\PROGRA~1\SYMANT~1\VPTray.exe
SpySweeper	"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
SM56ACL	sm56hlpr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL	Installed = 1
MAPI	Installed = 1
MSFS	Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
backup	C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE 
item	Adobe Gamma Loader
backup	C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE 
item	Adobe Gamma Loader

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
backup	C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE 
item	Adobe Reader Speed Launch
backup	C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE 
item	Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk
backup	C:\WINDOWS\pss\Billminder.lnkCommon Startup
location	Common Startup
item	Billminder
backup	C:\WINDOWS\pss\Billminder.lnkCommon Startup
location	Common Startup
item	Billminder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk
backup	C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe 
item	hp psc 1000 series
backup	C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe 
item	hp psc 1000 series

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk
backup	C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe 
item	hpoddt01.exe
backup	C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe 
item	hpoddt01.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk
backup	C:\WINDOWS\pss\Program Neighborhood Agent.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\Citrix\ICACLI~1\pnagent.exe 
item	Program Neighborhood Agent
backup	C:\WINDOWS\pss\Program Neighborhood Agent.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\Citrix\ICACLI~1\pnagent.exe 
item	Program Neighborhood Agent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk
backup	C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
location	Common Startup
item	Quicken Scheduled Updates
backup	C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
location	Common Startup
item	Quicken Scheduled Updates

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk
backup	C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
location	Startup
command	C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE 
item	OpenOffice.org 2.0
backup	C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
location	Startup
command	C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE 
item	OpenOffice.org 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^XFX Game Controller.lnk
path	C:\Documents and Settings\Dave\Start Menu\Programs\XFXGameController\XFX Game Controller.lnk
backup	C:\WINDOWS\pss\XFX Game Controller.lnkStartup
location	Startup
command	C:\Documents and Settings\Dave\Application Data\Microsoft\Installer\{C843A6E6-5B4E-4F36-9F1A-10187070D3DA}\XFXController.exe1_C843A6E65B4E4F369F1A10187070D3DA.exe 
item	XFX Game Controller
path	C:\Documents and Settings\Dave\Start Menu\Programs\XFXGameController\XFX Game Controller.lnk
backup	C:\WINDOWS\pss\XFX Game Controller.lnkStartup
location	Startup
command	C:\Documents and Settings\Dave\Application Data\Microsoft\Installer\{C843A6E6-5B4E-4F36-9F1A-10187070D3DA}\XFXController.exe1_C843A6E65B4E4F369F1A10187070D3DA.exe 
item	XFX Game Controller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AnyDVD
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	AnyDVD
hkey	HKLM
command	C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	AnyDVD
hkey	HKLM
command	C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C2K
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	Cyb2k
hkey	HKLM
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	Cyb2k
hkey	HKLM
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	CloneCDTray
hkey	HKLM
command	"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	CloneCDTray
hkey	HKLM
command	"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTDVDDET
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	CTDVDDet
hkey	HKLM
command	C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	CTDVDDet
hkey	HKLM
command	C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	ctfmon
hkey	HKCU
command	C:\WINDOWS\system32\ctfmon.exe
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	ctfmon
hkey	HKCU
command	C:\WINDOWS\system32\ctfmon.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTHelper
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	CTHELPER
hkey	HKLM
command	CTHELPER.EXE
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	CTHELPER
hkey	HKLM
command	CTHELPER.EXE
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTSysVol
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	CTSysVol
hkey	HKLM
command	C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	CTSysVol
hkey	HKLM
command	C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ElbyCheckAnyDVD
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	ElbyCheck
hkey	HKLM
command	"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L AnyDVD
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	ElbyCheck
hkey	HKLM
command	"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L AnyDVD
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ITD65_ITD
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	itd
hkey	HKCU
command	"C:\Program Files\Steganos Trace Destructor 6.5\itd.exe" /booting
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	itd
hkey	HKCU
command	"C:\Program Files\Steganos Trace Destructor 6.5\itd.exe" /booting
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mozilla Quick Launch
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	Mozilla
hkey	HKCU
command	"C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	Mozilla
hkey	HKCU
command	"C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NeroCheck
hkey	HKLM
command	C:\WINDOWS\system32\NeroCheck.exe
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NeroCheck
hkey	HKLM
command	C:\WINDOWS\system32\NeroCheck.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvCpl
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvCpl
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvMcTray
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvMcTray
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	nwiz
hkey	HKLM
command	nwiz.exe /install
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	nwiz
hkey	HKLM
command	nwiz.exe /install
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SBDrvDet
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	SBDrvDet
hkey	HKLM
command	C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	SBDrvDet
hkey	HKLM
command	C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SM56ACL
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	sm56hlpr
hkey	HKLM
command	sm56hlpr.exe
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	sm56hlpr
hkey	HKLM
command	sm56hlpr.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	jusched
hkey	HKLM
command	C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	jusched
hkey	HKLM
command	C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	UpdReg
hkey	HKLM
command	C:\WINDOWS\UpdReg.EXE
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	UpdReg
hkey	HKLM
command	C:\WINDOWS\UpdReg.EXE
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini	0
win.ini	0
bootini	0
services	0
startup	2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700}	1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername	0
legalnoticecaption	
legalnoticetext	
shutdownwithoutlogon	1
undockwithoutlogon	1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun	145

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit	= C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\system32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify
= PCANotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1	- Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/12/2006 11:34:41 PM


----------



## JSntgRvr

Hi, *onedavester*

In Windows XP, some commands are not actually programs; they are interpreted and executed internally by the command shell in the Windows command interpreter (CMD.EXE). Some examples of these are DIR, SET, and COPY. If you look on your hard drive, you will not find a DIR.EXE or COPY.EXE. They are part of the command interpreter, CMD.EXE.

Let's refresh some entries in your registry:

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
_Modification of the registry can be *EXTREMELY* dangerous if you do not know exactly what you are doing, so follow the steps that are listed below *EXACTLY*. If you cannot perform some of these steps or if you have *ANY* questions please ask *BEFORE* proceeding._

*Backing Up Your Registry*
Go *Here* and download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts 
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT* 
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup 
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked 
Press *OK*
Press *YES* to create the folder.
*Registry Modifications*

Download the enclosed file. Extract its contents to the desktop. It is a Registry Entries file, *Shellfix.reg*. *Do nothing with it yet.*

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: Shell=
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab

*Now close all windows and browsers, other than HiJackThis*, then click Fix Checked.

Close Hijackthis.

Double click on the *Shellfix.reg* file and select *Yes* when prompted to merge it into the registry.

Restart the computer.

If that does not resolve the issue, download *FIXPATH2.ZIP* by Bill Stewart.

Extract the files to a folder in C:\, like C:\FIXPATH2 (make a folder like that to extract the files to).
Open a command prompt window by going to *Start* > *Run* type: *cmd* and click Ok.
At the command prompt, type: *cd C:\* and press *Enter*, so you should get C:\>.
Then type: *cd FIXPATH2* and press *Enter*, so you should get: *C:\>fixpath2*.
Then type: *FIXPATH.EXE* and press Enter.
It will display some preliminary information, and ask if it should continue and check for errors. Click *Yes*.
If it successfully updates the Path value in the registry, you will need to reboot for the change to take effect. *!! This is really important !!*

Keep me posted.


----------



## JSntgRvr

Oooops! Forgot to include the file. Here it is!


----------



## onedavester

None of this helped but Thanks. I noticed that I can right click my hard drive(s) and then left click open. I will just have to live with that until I can reload.


----------



## JSntgRvr

Hi, *onedavester* 

Download the enclosed file and extract its contents to the desktop. It is a batch file. Once extracted, doubleclick on it and a new document will be produced. *Post the contents of the document.*


----------



## onedavester

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
ComSpec	REG_EXPAND_SZ	%SystemRoot%\system32\cmd.exe
Path	REG_EXPAND_SZ	%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\Common Files\Ulead Systems\MPEG
windir	REG_EXPAND_SZ	%SystemRoot%
FP_NO_HOST_CHECK	REG_SZ	NO
OS	REG_SZ	Windows_NT
PROCESSOR_ARCHITECTURE	REG_SZ	x86
PROCESSOR_LEVEL	REG_SZ	15
PROCESSOR_IDENTIFIER	REG_SZ	x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_REVISION	REG_SZ	0207
NUMBER_OF_PROCESSORS	REG_SZ	1
PATHEXT	REG_SZ	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP	REG_EXPAND_SZ	%SystemRoot%\TEMP
TMP	REG_EXPAND_SZ	%SystemRoot%\TEMP


----------



## JSntgRvr

Hi, *onedavester* 

All seem to be in the right place: Shell, ComSpec and Path. I have no idea why you are experiencing this issue.

You can perform some maintenance and see if we have better results:

Underlined items are clickable to give more information about the process:

Click start then run, type *prefetch* then press enter, click edit then select all, right click any file then click delete, confirm delete.

Click start, all Programmes, Accessories, System Tools to run Disc Clean up, then from System Tools, also run Disc Defragmenter.

Click start then run, type *sfc /scannow* then press enter, you need the XP CD and Windows File Protection will show a blue onscreen progress bar, when the bar goes, reboot.

If you do not have an XP CD you can borrow a same version as was originally installed XP CD, if you downloaded SP2 then you need an SP1 XP CD

Click start then run, type *chkdsk /f /r* then press enter, type Y to confirm for next boot, press enter then reboot.

Windows will appear to load normally then either the monitor will show progress or the screen will go blank, *do not disturb this*.

This will take an hour or so before it gets to the desktop.

Download and install *Tune Up 2006* Trial

Run *Tune Up Disc Clean Up*

Run *Tune Up Registry Clean Up*

Click *Optimize* and Improve to run *Reg Defrag*, which will take a few minutes and need a reboot. You should disable the antivirus programme to run this and check it is running after the reboot

After the reboot, click optimize then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot

After the reboot, click optimize then system optimizer to run system advisor.

============================================

BTW: Have you checked the *Event Viewer*?

*Start->Control Panel->Administrative Tools->Event Viewer*

Double click on *System*. *Are there any errors reflected therein?*


----------



## onedavester

Update:

I also had the "cannot find copy.exe" error when I clicked on my flash drive. I dumped the drive into a folder on another computer and formatted the flash drive. I put the data back on it and it now works fine. (The flash drive had the same error on another pc!) This would indicate that whatever this trojan was it is not affecting the registry, it is putting something on the drives to make them not be able to open properly! Any thoughts??


----------



## JSntgRvr

Hi, *onedavester* 

That sounds like a problem with the boot sector in the hard drive.

Open *Notepad*. Select *File* then *Open*. Type *C:\Boot.ini* on the file to be opened and click on *Open*. Post the contents of this file in your next reply.

Please run the *F-Secure Online Scanner*

Note: *This Scanner is for Internet Explorer Only!*
Follow the Instruction Here for installation.
Accept the License Agreement.
Once the ActiveX installs, click *Full System Scan*.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the *Automatic cleaning (recommended)* button.
Click the *Show Report* button and *Copy&Paste the entire report in your next reply along with a fresh Hijackthis log.*


----------



## onedavester

Gonna mark this solved. Thanks for all your help. I am reloading my computer as I write this note. Probably for the best. I am going to blame Symantec for taking out copy.exe and ruining my system. Apparently it was part of the command.com shell. I am starting a thread in here for the best "freebie" antivirus program vs the best pay software. I hope this doesn't start a debate...lol


----------



## JSntgRvr

Hi, *onedavester* 

Sorry to learn that. The fact is that we found nothing that could contribute to this issue. If the culprit is a Master Boot Record virus, I would have run *Fixboot* in the recovery console. That would erase anything that does not belong there.

The only reason I did not suggest that before was because you have no problems booting the computer. But now that you are willing to reformat, I would go for it.

If that does not resolve the issue, then I would see no other option but to reformat and reinstall Windows.


----------



## raddbgt

HELLO 
I JUST CAME TO SAY ONE THING
nothn anti v
is the best thing in my pc
it's the only anti v that removed that annoying cop.exe trojan from my pc as it did to your pc
for noobs: you must update first, then scan; after that go to each drive you have with IE (right click then explore) and delete the autorun.inf (you will find it in c:\ d:\ f:\ etc.), then restart or log off and log in again
simple, isn't it
and your pc is clean now, that's all
sorry for my english
enjoy your pc as clean as it can be
bye


----------



## Ali709

Alright, although it's all been said and the thread is marked as solved, I would like to mention a few things.
First, this is my first post here, found the place with Google trying to solve this copy.exe problem.
Second, I'm gonna explain the problem for any future readers. This is what happened to me: My antivirus (Panda Antivirus + Firewall 2007), after scanning C:, found copy.exe as a threat (the scan was after having used an infected USB flash disk, that's where the problem started from I guess) and deleted it.
After that, when trying to open ANY drives, whether on my internal HD, external or even the USB flash disk, it gave the error mentioned before: "Windows cannot find 'copy.exe' blah blah". Don't panic, you can access your drive by right clicking and choosing open. Why is that? Because if you look in the right click menu, the highlighted (default) option is Autoplay! That's what "raddbgt" mentioned: on all these drives there is an autorun.inf file which is the reason for the Autoplay. The Autoplay is supposed to run copy.exe each time you double click on a drive, and once copy.exe is deleted, it will give you the error above.
The solution is to go to each of the drives and delete autorun.inf. After a reboot or logging off and logging in, the problem will be totally solved.
BTW, thanks for the great forums 
-Ali


----------



## onedavester

What do you mean by go to each drive? If you open the C drive for instance, there is no autorun.inf file there.


----------



## Ali709

Hmm...as I have deleted the files I can't check it out, but maybe it's a hidden file, have you enabled the option to see hidden files?
If the drive you are checking still has the copy.exe error and when you right click the highlighted (first) option is Autoplay, then there has to be an autorun file, maybe with some other extension right in the drive (not in any folders).


----------



## onedavester

I do have show hidden files set. I have long since fixed this issue but since you brought this topic back to life, I thought I would look into it in case it ever happens again. I will tell you that I won't ever run a Symantec product again. I am happily running AVG free, Adaware SE, and Spybot S&D with all the protection I need, no problems and more money in the bank.


----------



## Ali709

Well, if you HAVE fixed it, then there shouldn't be such a thing as an autorun.inf. If the file is there AND there is no copy.exe, that's when the error comes up. I THINK that it is some kind of a virus that puts a copy.exe and an autorun.inf file in your drive, so that whenever you double click on the drive's icon to open it, the copy.exe is run and does whatever it's supposed to do. Because if copy.exe was a normal thing, something that was supposed to be there, then you would see an autorun.inf file in the drive too.


----------



## onedavester

Some good thoughts there. Welcome to the forums. I know you will enjoy the family atmosphere here.


----------



## Cookiegal

This is the Perlovga worm and there is a fix for it created by sUBs.

Be sure the flash drives are connected when running this fix.

Download and run this file - W32.Perlovga.Remover.exe:

http://www.techsupportforum.com/sectools/W32.Perlovga.Remover.exe


----------



## burning_ice

I had the same problem due to a USB transfer...
You can try to go to regedit and locate this: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

I deleted Mountpoints and I can open again C and D drives...
Go try


----------



## burning_ice

I tried it Cookiegal, but that was it? It just said done...


----------



## Cookiegal

burning_ice said:


> I tried it Cookiegal, but that was it? It just said done...


It should be, yes. If you just delete the Mountpoints2 key without addressing the infection, it will return.


----------



## Acer2

Ali709's suggestion works. I had just developed the same problem on my machine & after deleting the autorun.inf file on each hard drive no more issue. You have to untick the "hide system files" in the folder view options to see the autorun file but that was it.

Thanks very much Ali709.

Cheers,

Acer2


----------



## Cookiegal

Some autorun.inf files are valid. You have to check the contents before deleting it.


----------
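
The check Ali709 and Cookiegal describe above, as an added example that is not part of the original thread: it lists the programs an autorun.inf would launch and reports whether each one still exists on the drive, so a leftover entry pointing at a deleted copy.exe stands out from an ordinary installer entry. The two sample files and the file listings are constructed; the thread never shows the actual autorun.inf.

```python
"""Inspect an autorun.inf before deleting it (added example, constructed data)."""

LAUNCH_KEYS = ("open", "shellexecute")  # keys whose value AutoRun executes


def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command defines a verb in the drive's right-click menu
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_verb) and value:
            entries.append((key, value))
    return entries


def target_of(command):
    """Program named by a command line: the quoted path, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0]


def audit(text, files_on_drive):
    """Classify each launch entry as present, missing or external.

    files_on_drive holds paths relative to the drive root, e.g. {"setup.exe"}.
    """
    present = {f.replace("/", "\\").lstrip("\\").lower() for f in files_on_drive}
    findings = []
    for key, command in launch_entries(text):
        target = target_of(command)
        rel = target.replace("/", "\\").lstrip("\\").lower()
        if rel[1:2] == ":":
            status = "external"   # absolute path, not a file on this drive
        elif rel in present:
            status = "present"    # the file exists: examine it before trusting it
        else:
            status = "missing"    # dangling entry: "Windows cannot find ..."
        findings.append({"key": key, "target": target, "status": status})
    return findings


# Constructed sample: the state the thread describes, where the drive still
# launches copy.exe on double-click but antivirus has already removed the file.
LEFTOVER = r"""[AutoRun]
open=copy.exe
shell\open\Command=copy.exe
"""

# Constructed sample: an ordinary installer disc, the kind of valid file
# that should not be deleted blindly.
INSTALLER = r"""[autorun]
; vendor setup disc
open="setup.exe" /auto
icon=setup.exe,0
"""

if __name__ == "__main__":
    for name, text, files in (("leftover", LEFTOVER, {"photos\\a.jpg"}),
                              ("installer", INSTALLER, {"SETUP.EXE", "data.cab"})):
        for finding in audit(text, files):
            print(name, finding)
```

A "missing" target matches the symptom in this thread; a "present" target only means the file is there, so the referenced program still has to be checked before the drive is opened by double-click.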



## rc3hz

I've already deleted it but still got the same problem... Need some help here... Pls...


----------



## Cookiegal

rc3hz,

Please reply to your own thread where I've posted instructions for you. You will find it here:

http://forums.techguy.org/security/548203-when-i-open-my-disk.html


----------



## Cookiegal

Due to inactivity, I'm closing this thread.


----------

