
Hijack Log Submitted


18 replies to this topic

#16 Harley11407


Posted 31 July 2007 - 11:22 PM

Jintan, I ran regedit and did not find anything in the below step you requested:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]

In the right column, locate the following "Name", right click on it, and select "Delete". Repeat this for all items listed. Then close the Registry Editor.

"C:\\WINNT\\system32\\dpvsetup.exe"
"C:\\WINNT\\system32\\rundll32.exe"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"

The list folder was empty in both the Standard & Domain.
I still backed up the registry and also created another restore point anyway.

I then installed the antispyware app and set it up the way you directed, shut the pc down manually and booted up in SAFE MODE. It came up just fine in Safe mode only.

I then ran the SuperAntispyware app with a complete scan. After this scan while I was still in Safe Mode I ran the Adaware program complete and also ran the AVG 7.5 virus app also.

I found 1 additional nominal item with the Adaware program and the AVG 7.5 was clean with nothing found.

Below is the complete SuperAntispyware Scan Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/31/2007 at 07:56 PM

Application Version : 3.9.1008

Core Rules Database Version : 3276
Trace Rules Database Version: 1287

Scan type : Complete Scan
Total Scan Time : 01:24:14

Memory items scanned : 176
Memory threats detected : 0
Registry items scanned : 7356
Registry threats detected : 1
File items scanned : 57406
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator.SILVERFOX\Cookies\administrator@atwola[1].txt

Unclassified.PC MightyMax
HKU\S-1-5-21-1888592342-147546581-1803224852-1003\Software\PC MightyMax
C:\Program Files\PC MightyMax\undo
C:\Program Files\PC MightyMax

Adware.Aurora-Installer
C:\PROGRAM FILES\AURORA MPEG TO DVD BURNER\AURORA VIDEO DVD BURNER.EXE


All of the above are in quarantine.

I have no idea what Unclassified.PC MightyMax is since I do not have this app anywhere on this PC.
Since I have tested a lot of various software in the past, I found a lot of these vendors will report false positives to goad the trial customer into purchasing the software app.

Thanks for all your help thus far as I have learned a lot, but unfortunately the PC still took me around 4 times hitting the F8 key and VGA mode before it finally loaded Windows without freezing at various stages of the loading of Windows.

Regards

P.S. I also uninstalled the final app called LOCK FOLDER XP 3.2 from the pc before any of these tests above were performed just in case as you suggested might be causing a problem.

Edited by Harley11407, 31 July 2007 - 11:25 PM.
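
An added example, not part of the original post and not SUPERAntiSpyware's own code: a small Python parser for a scan log laid out like the one posted above, which groups detections by threat name and checks the itemised registry and file entries against the header totals. The sample log, its paths and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log posted above (all paths made up).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 01/01/2007 at 01:00 PM

Memory threats detected : 0
Registry threats detected : 1
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\user@example[1].txt
C:\Documents and Settings\User\Cookies\user@ads.example[2].txt

Unclassified.Example Rogue
HKU\S-1-5-21-0-0-0-1000\Software\Example Rogue
C:\Program Files\Example Rogue
"""

REG_HIVES = ("HKU\\", "HKLM\\", "HKCU\\", "HKCR\\")
COUNT_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
FAMILY_RE = re.compile(r"^[A-Za-z]+\.[^:\\]+$")   # e.g. "Adware.Tracking Cookie"
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")            # e.g. "C:\Program Files\..."

def parse_scan_log(text):
    """Return (header counts, {threat name: {"registry": [...], "file": [...]}})."""
    summary = {}
    findings = defaultdict(lambda: {"registry": [], "file": []})
    family = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = COUNT_RE.match(line)
        if m:
            summary[m.group(1).lower()] = int(m.group(2))
        elif FAMILY_RE.match(line):
            family = line                      # start of a new detection group
        elif family and line.startswith(REG_HIVES):
            findings[family]["registry"].append(line)
        elif family and DRIVE_RE.match(line):
            findings[family]["file"].append(line)
    return summary, dict(findings)

def cross_check(summary, findings):
    """Return {kind: (header total, items listed)} for every kind that disagrees."""
    listed = {k: sum(len(f[k]) for f in findings.values()) for k in ("registry", "file")}
    return {k: (summary.get(k, 0), n) for k, n in listed.items() if summary.get(k, 0) != n}
```

An empty result from `cross_check` means the pasted log is complete; a mismatch suggests lines were lost when the log was copied into a post.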



#17 Jintan


Posted 01 August 2007 - 03:26 PM

Mighty Max is rogueware, and can both sneak by installing and leave no means of uninstalling, so good the scan removed that. Aurora is always adware bundled in any of its products, so again good it is removed. Tracking down with one item with all the installs on this system is some of what we have been attempting. It is such an overwhelming amount that assessing which particular item has a corrupted driver or is in conflict with another is seemingly not possible. Two more that I can pick from the list that are higher on a list of software that could cause issues:

Window Washer
AntiCrash 3.6.1



Window Washer however has its startup disabled through msconfig, so if you choose to uninstall this you will need to re-enable that first.

#18 Harley11407


Posted 01 August 2007 - 10:14 PM

Mighty Max is rogueware, and can both sneak by installing and leave no means of uninstalling, so good the scan removed that. Aurora is always adware bundled in any of its products, so again good it is removed. Tracking down with one item with all the installs on this system is some of what we have been attempting. It is such an overwhelming amount that assessing which particular item has a corrupted driver or is in conflict with another is seemingly not possible. Two more that I can pick from the list that are higher on a list of software that could cause issues:

Window Washer
AntiCrash 3.6.1



Window Washer however has its startup disabled through msconfig, so if you choose to uninstall this you will need to re-enable that first.


Jintan, I did uninstall the AntiCrash 3.6.1 as you suggested.

Since it looks like with your help we have pretty much narrowed it down to a possible driver conflict I again uninstalled the Nvidia drivers from the add\remove list, rebooted in Safe Mode Only and ran the Driver Cleaner Pro 1.5 program once again checking separately one by one anything pertaining to Nvidia and then the same with ATI. I did this twice for each vendor.

I then rebooted up and the PC came up normally in windows with the familiar prompt FOUND NEW HARDWARE. I cancelled this and re-installed the latest Nvidia 93.71 drivers and rebooted the PC and it shut down normally !

I rebooted the pc once again normally and it came up with no problems ! Went ahead and set the screens resolution preference & refresh rate with the nvidia control panel.

I immediately created a new restore point.

Hopefully with all your dedicated help, together we have solved this problem.

One last thing, can you please tell me how I can remove the Deckard Scan tool.exe, the Combofix.exe, and the Unhook.exe from the PC since they have no uninstaller function? Do I simply remove or delete the icons from my desktop?

BTW, I never was able to successfully run the sfc /scannow even though I redirected the sourcepath to search all my i386 folders in the C:\ drive by changing the sourcepath from D:\ to C:\ in the registry strings. It still would continue to ask me for the XP CD disc and I only have the original XP CD home edition sp1.1 and I have already updated to SP2 thru windows updates. When I did insert the original cd it would say wrong cd before I had redirected the sourcepaths in the registry.

http://www.compphix....protection.html

Regards :thumbup:

#19 Jintan


Posted 02 August 2007 - 07:54 PM

That is excellent news Harley. I am aware you have made many changes and alterations to arrive at a solution, so good for you on that. Tough call on using SFC when SP2 is installed, depending on it being an upgrade or perhaps even slipstreamed install etc. what might being issues like that. May want to walk that question through at our Other Computer Problems forum to get input from those who might more specialize in that area.
