Post by: purepremium2006 on June 10, 2006, 03:32:23 AM
I was trying to install Xp home on my desktop (I bought it for my laptop) and it said my product key was no good so I downloaded a program called kf141.zip to identify my product key. I dl'ed 2 versions, one of them gave me this worm. So any help on getting XP to work on my desktop would be greatly appreciated as well. Now on to the issue at hand.
I've read through some of the posts here and did some self help but would like to get someone to look through my logs and see if my comp's clean.
I downloaded a AlcanFix.zip from another site and also ran SmitfraudFix from this site. Here are the logs.
Logfile of HijackThis v1.99.1
Scan saved at 1:31:10 AM, on 6/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\lvcomsx.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\francis\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.Email (http://\"http://www.Email\") Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by [censored] happens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\msdtc.dll
O20 - Winlogon Notify: winhmc32 - C:\WINDOWS\SYSTEM32\winhmc32.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
SmitFraudFix v2.56
Scan done at 1:22:14.07, Sat 06/10/2006
Run from C:\Documents and Settings\francis\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="antitragus"
[HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\System32\asxbbx.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\System32\asxbbx.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\exit Deleted
C:\secure32.html Deleted
C:\uniq Deleted
C:\WINDOWS\azesearch.bmp Deleted
C:\WINDOWS\blue-bg.gif Deleted
C:\WINDOWS\close-bar.gif Deleted
C:\WINDOWS\remove-spyware-btn.gif Deleted
C:\WINDOWS\teller2.chk Deleted
C:\WINDOWS\warning-bar-ico.gif Deleted
C:\WINDOWS\win-sec-center-logo.gif Deleted
Problem while deleting C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\bin29a.log Deleted
Problem while deleting C:\WINDOWS\system32\dcomcfg.exe
Problem while deleting C:\WINDOWS\system32\hp???.tmp
Problem while deleting C:\WINDOWS\system32\hp????.tmp
Problem while deleting C:\WINDOWS\system32\ld????.tmp
C:\WINDOWS\system32\ot.ico Deleted
Problem while deleting C:\WINDOWS\system32\regperf.exe
C:\WINDOWS\system32\simpole.tlb Deleted
Problem while deleting C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\Documents and Settings\francis\Application Data\Install.dat Deleted
C:\DOCUME~1\francis\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\secure32.html Deleted
C:\Program Files\SpywareQuake.com\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\System32\asxbbx.dll -> Hoax.Win32.Renos.gen
C:\WINDOWS\System32\asxbbx.dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
Again, I appreciate the help, hope to hear from you soon.
Thank you,
sincerely,
francis
Post by: purepremium2006 on June 10, 2006, 03:55:00 AM
but 2 windows keeps popping up
ULWindowSeek
ULWindowUrl
and a warning about activex config prohibiting these from running. At least now task manager is back.
Going through uninstalling suspect programs, there's one calle Web Savings from Ebates that won't uninstall. ERROR: could not execute Main: The system cannot find the file specified. Does that mean its not there anymore?
Post by: purepremium2006 on June 10, 2006, 04:07:56 AM
Logfile of HijackThis v1.99.1
Scan saved at 2:05:30 AM, on 6/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\lvcomsx.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\francis\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.Email (http://\"http://www.Email\") Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by [censored] happens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\msdtc.dll
O20 - Winlogon Notify: winhmc32 - C:\WINDOWS\SYSTEM32\winhmc32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
and SmitFraudFix
SmitFraudFix v2.56
Scan done at 2:06:51.32, Sat 06/10/2006
Run from C:\Documents and Settings\francis\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\francis\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\francis\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Post by: purepremium2006 on June 10, 2006, 05:33:02 PM
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 2:56:31 PM, 6/10/2006
+ Report-Checksum: B8D2FE6F
+ Scan result:
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP674\A0189635.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP674\A0189638.dll -> Trojan.Agent.vg : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 3:32:22 PM, on 6/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\lvcomsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\hijackthis.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
Thanks
Post by: guestolo on June 11, 2006, 08:04:11 AM
Just for a double check can you do the following
Download and save WinPFind.zip (http://\"http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip\")
UNZIP the contents to your desktop
Don't run it yet
RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter
In safe mode
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Click START SCAN
Let this finish, a log will open so you will know it's done
Close out after
Reboot back to Normal mode
Back in Windows
Post the results of the WindPFind.txt located in the WinPFind folder
Post by: purepremium2006 on June 11, 2006, 03:43:17 PM
Here's the log from WinPFind
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Items found in C:\WINDOWS\hosts
PTech 7/1/2004 2:00:54 AM H 2873716 C:\WINDOWS\msbb_kyf.dat
Checking %System% folder...
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/28/2002 2:00:00 PM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PEC2 9/28/2005 2:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/28/2005 2:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 7/3/2004 7:51:56 PM H 3164631 C:\WINDOWS\SYSTEM32\kyf.dat
PTech 7/12/2005 7:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 1/4/2006 8:46:40 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 8:46:40 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 6/9/2006 12:34:46 AM 156672 C:\WINDOWS\SYSTEM32\oins.exe
Umonitor 8/28/2002 2:00:00 PM 631808 C:\WINDOWS\SYSTEM32\RASDLG.DLL
UPX! 4/27/2006 5:49:00 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
UPX! 1/9/2006 10:36:00 AM 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 1/9/2006 10:36:00 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe
winsync 8/28/2002 2:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/11/2006 1:05:02 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
6/11/2006 1:04:00 PM S 64 C:\WINDOWS\CSC\00000001
6/11/2006 12:45:12 PM S 64 C:\WINDOWS\CSC\00000002
6/7/2006 7:12:18 PM S 64 C:\WINDOWS\CSC\csc1.tmp
4/28/2006 9:29:22 PM HS 848 C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
4/16/2006 1:04:56 AM HS 0 C:\WINDOWS\SYSTEM32\wupdmgr.tmp
6/11/2006 1:04:50 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
6/11/2006 1:05:10 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
6/11/2006 1:05:04 PM H 12288 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
6/11/2006 1:06:12 PM H 86016 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
6/11/2006 1:05:08 PM H 1167360 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
7/13/2006 1:24:22 AM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\153d4519-394e-4c7c-8095-25fe2cf4e79a
5/2/2006 12:52:20 AM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\25859ce9-92ac-45ac-8b06-5d887a65dca2
6/30/2006 1:22:34 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\3781809c-f2bc-4296-ad5e-0799756c3c62
5/2/2006 12:52:20 AM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
6/11/2006 1:04:02 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/28/2002 2:00:00 PM 66048 C:\WINDOWS\SYSTEM32\ACCESS.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 578560 C:\WINDOWS\SYSTEM32\APPWIZ.CPL
11/11/1999 9:11:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Logitech Inc. 7/28/2005 2:01:56 PM 360448 C:\WINDOWS\SYSTEM32\camcpl.cpl
5/23/2002 8:45:48 PM 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl
Microsoft Corporation 8/28/2002 2:00:00 PM 129024 C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 150016 C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 292352 C:\WINDOWS\SYSTEM32\INETCPL.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 121856 C:\WINDOWS\SYSTEM32\INTL.CPL
Microsoft Corporation 8/29/2002 3:41:00 AM 208896 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/28/2002 2:00:00 PM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 559616 C:\WINDOWS\SYSTEM32\MMSYS.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 256000 C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 36864 C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 109056 C:\WINDOWS\SYSTEM32\POWERCFG.CPL
11/19/1999 2:54:12 PM 155648 C:\WINDOWS\SYSTEM32\PPPoEService.cpl
RealNetworks, Inc. 1/13/2003 1:47:04 AM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 8/28/2002 2:00:00 PM 268288 C:\WINDOWS\SYSTEM32\SYSDM.CPL
Wacom Technology, Corp. 11/25/2002 1:55:00 PM 921600 C:\WINDOWS\SYSTEM32\Tablet.cpl
Microsoft Corporation 8/28/2002 2:00:00 PM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 90112 C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 3:41:00 AM 208896 C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
1/29/2006 6:13:00 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
9/2/2002 10:36:04 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/2/2002 10:26:20 PM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
5/5/2006 11:38:46 PM 1782 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Checking files in %USERPROFILE%\Startup folder...
4/29/2006 1:44:20 AM 988 C:\Documents and Settings\francis\Start Menu\Programs\Startup\Adobe Gamma.lnk
9/2/2002 10:36:04 PM HS 84 C:\Documents and Settings\francis\Start Menu\Programs\Startup\DESKTOP.INI
4/3/2004 7:14:02 PM 243200 C:\Documents and Settings\francis\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Checking files in %USERPROFILE%\Application Data folder...
9/2/2002 10:26:20 PM HS 62 C:\Documents and Settings\francis\Application Data\DESKTOP.INI
2/7/2003 12:49:28 AM 12358 C:\Documents and Settings\francis\Application Data\PFP100JCM.{PB
2/7/2003 12:49:28 AM 61678 C:\Documents and Settings\francis\Application Data\PFP100JPR.{PB
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DVDSentry C:\WINDOWS\System32\DSentry.exe
ATIModeChange Ati2mdxx.exe
zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe
PCTVOICE pctspk.exe
LogitechCameraAssistant C:\Program Files\Logitech\Video\CameraAssistant.exe
LogitechVideo[inspector] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
License Management Service ESD 3
ImapiService 3
IDriverT 3
Adobe LM Service 3
ACS 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ACS.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ACS.lnk
backup C:\WINDOWS\pss\ACS.lnkCommon Startup
location Common Startup
command C:\WINDOWS\SYSTEM32\ACS.BAT
item ACS
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ACS.lnk
backup C:\WINDOWS\pss\ACS.lnkCommon Startup
location Common Startup
command C:\WINDOWS\SYSTEM32\ACS.BAT
item ACS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link AirPlus Xtreme G Configuration Utility.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus Xtreme G Configuration Utility.lnk
backup C:\WINDOWS\pss\D-Link AirPlus Xtreme G Configuration Utility.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\D-LINK~1\AirPlus.exe
item D-Link AirPlus Xtreme G Configuration Utility
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus Xtreme G Configuration Utility.lnk
backup C:\WINDOWS\pss\D-Link AirPlus Xtreme G Configuration Utility.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\D-LINK~1\AirPlus.exe
item D-Link AirPlus Xtreme G Configuration Utility
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link REG Utility.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link REG Utility.lnk
backup C:\WINDOWS\pss\D-Link REG Utility.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\D-LINK~1\Reg.exe
item D-Link REG Utility
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link REG Utility.lnk
backup C:\WINDOWS\pss\D-Link REG Utility.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\D-LINK~1\Reg.exe
item D-Link REG Utility
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\0dc14acb.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 0dc14acb
hkey HKLM
command C:\WINDOWS\System32\0dc14acb.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 0dc14acb
hkey HKLM
command C:\WINDOWS\System32\0dc14acb.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdaptecDirectCD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DirectCD
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DirectCD
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Apoint
hkey HKLM
command C:\Program Files\Apoint\Apoint.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Apoint
hkey HKLM
command C:\Program Files\Apoint\Apoint.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cf063a0d.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cf063a0d
hkey HKLM
command C:\WINDOWS\System32\cf063a0d.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cf063a0d
hkey HKLM
command C:\WINDOWS\System32\cf063a0d.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DIGESTW
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DIGESTW
hkey HKLM
command C:\WINDOWS\System32\DIGESTW.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DIGESTW
hkey HKLM
command C:\WINDOWS\System32\DIGESTW.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IASCRW
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IASCRW
hkey HKLM
command C:\WINDOWS\System32\IASCRW.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IASCRW
hkey HKLM
command C:\WINDOWS\System32\IASCRW.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command C:\Program Files\iTunes\iTunesHelper.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command C:\Program Files\iTunes\iTunesHelper.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Utility
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Logi_MwX
hkey HKLM
command Logi_MwX.Exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Logi_MwX
hkey HKLM
command Logi_MwX.Exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechCameraService(E)
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ElkCtrl
hkey HKLM
command C:\WINDOWS\System32\ElkCtrl.exe /automation
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ElkCtrl
hkey HKLM
command C:\WINDOWS\System32\ElkCtrl.exe /automation
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechSoftwareUpdate
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ManifestEngine
hkey HKCU
command "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ManifestEngine
hkey HKCU
command "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LVCOMSX
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LVCOMSX
hkey HKLM
command C:\WINDOWS\System32\LVCOMSX.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LVCOMSX
hkey HKLM
command C:\WINDOWS\System32\LVCOMSX.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mmtask
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mmtask
hkey HKLM
command C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mmtask
hkey HKLM
command C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ncao
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item chkdsk
hkey HKCU
command "C:\DOCUME~1\francis\MYDOCU~1\STEM32~1\chkdsk.exe" -vt yax
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item chkdsk
hkey HKCU
command "C:\DOCUME~1\francis\MYDOCU~1\STEM32~1\chkdsk.exe" -vt yax
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PRISMSVR.EXE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PRISMSVR
hkey HKLM
command "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PRISMSVR
hkey HKLM
command "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RealPlay
hkey HKLM
command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RealPlay
hkey HKLM
command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegKillElbyCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ElbyCheck
hkey HKLM
command "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ElbyCheck
hkey HKLM
command "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegKillTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RegKillTray
hkey HKLM
command "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RegKillTray
hkey HKLM
command "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SCFGWMIT
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SCFGWMIT
hkey HKLM
command C:\WINDOWS\System32\SCFGWMIT.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SCFGWMIT
hkey HKLM
command C:\WINDOWS\System32\SCFGWMIT.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Share-to-Web Namespace Daemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpgs2wnd
hkey HKLM
command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpgs2wnd
hkey HKLM
command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMARQUES
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SMARQUES
hkey HKLM
command C:\WINDOWS\System32\SMARQUES.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SMARQUES
hkey HKLM
command C:\WINDOWS\System32\SMARQUES.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StorageGuard
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sgtray
hkey HKLM
command "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sgtray
hkey HKLM
command "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UDIOSRVA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UDIOSRVA
hkey HKLM
command C:\WINDOWS\System32\UDIOSRVA.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UDIOSRVA
hkey HKLM
command C:\WINDOWS\System32\UDIOSRVA.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ViewMgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ViewMgr
hkey HKLM
command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ViewMgr
hkey HKLM
command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YBrowser
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ybrwicon
hkey HKLM
command C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ybrwicon
hkey HKLM
command C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yppin
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NPDB~1
hkey HKCU
command C:\WINDOWS\SYSTEM32\PPPATC~1\NPDB~1.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NPDB~1
hkey HKCU
command C:\WINDOWS\SYSTEM32\PPPATC~1\NPDB~1.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zwjixxbjwlku
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item xkefyp
hkey HKLM
command C:\WINDOWS\System32\xkefyp.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item xkefyp
hkey HKLM
command C:\WINDOWS\System32\xkefyp.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 2
bootini 2
services 2
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32
NoBackButton 0
NoFileMru 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoStartMenuMyMusic 1
NoSMMyPictures 1
NoRecentDocsMenu 1
ClearRecentDocsOnExit 1
NoRecentDocsHistory 1
NoTaskGrouping 1
NoRecentDocsNetHood 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/11/2006 1:15:05 PM
ITS a long one, whew.
Quick question on some c:windows folders.
I have all these folders in blue called something like this
$NtUninstallKB873339$
Are they restore point backups or what? And can I delete them?
HOpe you're having a good sunday.
Post by: guestolo on June 11, 2006, 07:11:13 PM
Quote
I have all these folders in blue called something like thisThose files you don't normally see are related too updates from windows
$NtUninstallKB873339$
Leave them alone, they do no harm
You have enabled showing hidden files and folders, that why your seeing them
Can you do the following please
Your controlling entries on startup with msconfig
It is hard analyzing your hijackthis log this way
Can you do the following please
Use Internet Explorer and Run the online Panda ActiveScan (http://\"http://www.pandasoftware.com/products/activescan?NRMODE=Published&NRORIGINALURL=%2factivescan.htm&NRNODEGUID=%7b3B202047-35D4-4DA2-B310-B1DBEC2971F2%7d&NRCACHEHINT=Guest\")
* Once you are on the Panda site click the Scan your PC button.
* A new window will open...click the big Check Now button.
* Enter your Country.
* Enter your State/Province.
* Enter your e-mail address.
* Select either "Home User or Company."
* Click the big Scan Now button.
* Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
* Click on Local Disks to start the scan.
When the scan is complete
click See Report, then click Save Report and save it to your Desktop.
I'll need to see it later
After the scan is done
Go to START>>RUN>>type in
msconfig
Under the STARTUP tab>>Enable ALL>>Apply
Under the General tab ensure Normal startup is selected
Apply and Close
Reboot the computer at the prompt
Back in Windows
Run a fresh scan and savelogfile with Hijackthis and post the fresh log
Also, post the whole report from Panda's
Post by: purepremium2006 on June 13, 2006, 02:48:12 AM
Incident Status Location
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\francis\Cookies\francis@go[1].txt
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\francis\Local Settings\Temporary Internet Files\Ssk.log
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\SmitfraudFix\Process.exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\0dc14acb.exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\cf063a0d.exe
Adware:adware/vog Not disinfected C:\Program Files\Internet Explorer\winbrume.dat
Adware:adware/clickalchemy Not disinfected C:\WINDOWS\alchem.ini
Adware:Adware/AzeSearch Not disinfected C:\WINDOWS\Downloaded Program Files\azesearch.inf
Dialer:dialer.avv Not disinfected C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe
Dialer:dialer.no Not disinfected C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe
Adware:Adware Program Not disinfected C:\WINDOWS\Downloaded Program Files\test.INF
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload2.dat
Adware:Adware/IPInsight Not disinfected C:\WINDOWS\INF\alchem.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\INF\biC.inf
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\INF\biini.inf
Adware:Adware/Transponder Not disinfected C:\WINDOWS\INF\polmx2.inf
Adware:Adware/Twain-Tech Not disinfected C:\WINDOWS\INF\twaintec.inf
Adware:adware/ncase Not disinfected C:\WINDOWS\msbb.log
Virus:Trj/Qhost.B Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20040627-025658.backup
Adware:adware/keenvalue Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
Adware:adware/mediatickets Not disinfected C:\WINDOWS\SYSTEM32\oins.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe
_________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 12:45:45 AM, on 6/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\lvcomsx.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\hijackthis.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zwjixxbjwlku] C:\WINDOWS\System32\xkefyp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UDIOSRVA] C:\WINDOWS\System32\UDIOSRVA.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SMARQUES] C:\WINDOWS\System32\SMARQUES.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SCFGWMIT] C:\WINDOWS\System32\SCFGWMIT.exe
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IASCRW] C:\WINDOWS\System32\IASCRW.exe
O4 - HKLM\..\Run: [DIGESTW] C:\WINDOWS\System32\DIGESTW.exe
O4 - HKLM\..\Run: [cf063a0d.exe] C:\WINDOWS\System32\cf063a0d.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [0dc14acb.exe] C:\WINDOWS\System32\0dc14acb.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yppin] C:\WINDOWS\SYSTEM32\PPPATC~1\NPDB~1.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\francis\MYDOCU~1\STEM32~1\chkdsk.exe" -vt yax
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: ACS.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
Post by: guestolo on June 13, 2006, 10:25:23 PM
Can you do the following please
Please download The Avenger.zip (http://\"http://swandog46.geekstogo.com/avenger.zip\") by Swandog46 to your Desktop.
* Click on Avenger.zip to open the file
* Extract avenger.exe to your desktop
Copy all the text contained in the qoute box below to your Clipboard by highlighting it and pressing the (Ctrl+C) on your keyboard
Quote
files to delete:Now, start The Avenger program by clicking on its icon on your desktop
C:\Documents and Settings\francis\Cookies\francis@go[1].txt
C:\Documents and Settings\francis\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\0dc14acb.exe
C:\Documents and Settings\francis\My
Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\cf063a0d.exe
C:\Program Files\Internet Explorer\winbrume.dat
C:\WINDOWS\alchem.ini
C:\WINDOWS\Downloaded Program Files\azesearch.inf
C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe
C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe
C:\WINDOWS\Downloaded Program Files\test.INF
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\INF\alchem.inf
C:\WINDOWS\INF\biC.inf
C:\WINDOWS\INF\biini.inf
C:\WINDOWS\INF\polmx2.inf
C:\WINDOWS\INF\twaintec.inf
C:\WINDOWS\msbb.log
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
C:\WINDOWS\SYSTEM32\oins.exe
C:\WINDOWS\msbb_kyf.dat
C:\WINDOWS\SYSTEM32\kyf.dat
C:\WINDOWS\SYSTEM32\SrchSTS.exe
C:\WINDOWS\System32\cf063a0d.exe
C:\WINDOWS\System32\SCFGWMIT.exe
C:\WINDOWS\System32\DIGESTW.exe
C:\WINDOWS\System32\0dc14acb.exe
C:\WINDOWS\System32\IASCRW.exe
C:\WINDOWS\System32\xkefyp.exe
C:\WINDOWS\System32\UDIOSRVA.exe
C:\WINDOWS\System32\SMARQUES.exe
* Under "Script file to execute" choose "Input Script Manually".
* Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
* Paste the text copied to clipboard into this window by pressing (Ctrl+V).
* Click Done
* Now click on the Green Light to begin execution of the script
* Answer "Yes" twice when prompted.
Avenger should now Reboot your computer
Back in Windows
Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [zwjixxbjwlku] C:\WINDOWS\System32\xkefyp.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UDIOSRVA] C:\WINDOWS\System32\UDIOSRVA.exe
O4 - HKLM\..\Run: [SMARQUES] C:\WINDOWS\System32\SMARQUES.exe
O4 - HKLM\..\Run: [SCFGWMIT] C:\WINDOWS\System32\SCFGWMIT.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IASCRW] C:\WINDOWS\System32\IASCRW.exe
O4 - HKLM\..\Run: [DIGESTW] C:\WINDOWS\System32\DIGESTW.exe
O4 - HKLM\..\Run: [cf063a0d.exe] C:\WINDOWS\System32\cf063a0d.exe
O4 - HKLM\..\Run: [0dc14acb.exe] C:\WINDOWS\System32\0dc14acb.exe
O4 - HKCU\..\Run: [Yppin] C:\WINDOWS\SYSTEM32\PPPATC~1\NPDB~1.EXE
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\francis\MYDOCU~1\STEM32~1\chkdsk.exe" -vt yax
O4 - Startup: PowerReg Scheduler.exe
After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer one more time
Back in Windows
Your not running any Anti-Virus software, if you don't have your own to install
Immediately install and update one of these free AV's below
ONLY INSTALL ONE, more than one can cause operating system instabilities
AVG 7 by Grisoft (http://\"http://free.grisoft.com/doc/2/lng/us/tpl/v5\")
Avast Home Edition by ALWIL (http://\"http://www.avast.com/eng/down_home.html\")
Avira AntiVir Personal Edition Classic (http://\"http://www.free-av.com/antivirus/allinonen.html\")
All of the above have a free version, once you have decided which one to install and update
Run a full system scan, let it remove whatever it finds,
Reboot your computer one more time
Back in Windows
1. Post a fresh Hijackthis log
2. Post the whole log created by Avenger>>C:\avenger.txt
Post by: purepremium2006 on June 14, 2006, 10:24:50 AM
There are a bunch of A01#####.exe's in the system restore folders (C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}). Do I need to keep these folders or can I just delete them? I think they all were done when the comp was infected. I should just do a clean restore now.
Here are the logs. Posted 2 avenger logs, first one I think I did in selective startup, forgot to uncheck them again...
Logfile of HijackThis v1.99.1
Scan saved at 8:20:08 AM, on 6/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\lvcomsx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\hijackthis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ACS.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
_____________________________________________
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qolnaqau
*******************
Script file located at: \??\C:\Documents and Settings\hwkkxfls.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Documents and Settings\francis\Cookies\francis@go[1].txt not found!
Deletion of file C:\Documents and Settings\francis\Cookies\francis@go[1].txt failed!
Could not process line:
C:\Documents and Settings\francis\Cookies\francis@go[1].txt
Status: 0xc0000034
File C:\Documents and Settings\francis\Local Settings\Temporary Internet Files\Ssk.log not found!
Deletion of file C:\Documents and Settings\francis\Local Settings\Temporary Internet Files\Ssk.log failed!
Could not process line:
C:\Documents and Settings\francis\Local Settings\Temporary Internet Files\Ssk.log
Status: 0xc0000034
File C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\0dc14acb.exe not found!
Deletion of file C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\0dc14acb.exe failed!
Could not process line:
C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\0dc14acb.exe
Status: 0xc0000034
File C:\Documents and Settings\francis\My not found!
Deletion of file C:\Documents and Settings\francis\My failed!
Could not process line:
C:\Documents and Settings\francis\My
Status: 0xc0000034
Could not open file Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\cf063a0d.exe for deletion
Deletion of file Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\cf063a0d.exe failed!
Could not process line:
Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\cf063a0d.exe
Status: 0xc000003a
File C:\Program Files\Internet Explorer\winbrume.dat not found!
Deletion of file C:\Program Files\Internet Explorer\winbrume.dat failed!
Could not process line:
C:\Program Files\Internet Explorer\winbrume.dat
Status: 0xc0000034
File C:\WINDOWS\alchem.ini not found!
Deletion of file C:\WINDOWS\alchem.ini failed!
Could not process line:
C:\WINDOWS\alchem.ini
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\azesearch.inf not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\azesearch.inf failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\azesearch.inf
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\test.INF not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\test.INF failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\test.INF
Status: 0xc0000034
File C:\WINDOWS\drsmartload2.dat not found!
Deletion of file C:\WINDOWS\drsmartload2.dat failed!
Could not process line:
C:\WINDOWS\drsmartload2.dat
Status: 0xc0000034
File C:\WINDOWS\INF\alchem.inf not found!
Deletion of file C:\WINDOWS\INF\alchem.inf failed!
Could not process line:
C:\WINDOWS\INF\alchem.inf
Status: 0xc0000034
File C:\WINDOWS\INF\biC.inf not found!
Deletion of file C:\WINDOWS\INF\biC.inf failed!
Could not process line:
C:\WINDOWS\INF\biC.inf
Status: 0xc0000034
File C:\WINDOWS\INF\biini.inf not found!
Deletion of file C:\WINDOWS\INF\biini.inf failed!
Could not process line:
C:\WINDOWS\INF\biini.inf
Status: 0xc0000034
File C:\WINDOWS\INF\polmx2.inf not found!
Deletion of file C:\WINDOWS\INF\polmx2.inf failed!
Could not process line:
C:\WINDOWS\INF\polmx2.inf
Status: 0xc0000034
File C:\WINDOWS\INF\twaintec.inf not found!
Deletion of file C:\WINDOWS\INF\twaintec.inf failed!
Could not process line:
C:\WINDOWS\INF\twaintec.inf
Status: 0xc0000034
File C:\WINDOWS\msbb.log not found!
Deletion of file C:\WINDOWS\msbb.log failed!
Could not process line:
C:\WINDOWS\msbb.log
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho not found!
Deletion of file C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho failed!
Could not process line:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\oins.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\oins.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\oins.exe
Status: 0xc0000034
File C:\WINDOWS\msbb_kyf.dat not found!
Deletion of file C:\WINDOWS\msbb_kyf.dat failed!
Could not process line:
C:\WINDOWS\msbb_kyf.dat
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\kyf.dat not found!
Deletion of file C:\WINDOWS\SYSTEM32\kyf.dat failed!
Could not process line:
C:\WINDOWS\SYSTEM32\kyf.dat
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\SrchSTS.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\SrchSTS.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\SrchSTS.exe
Status: 0xc0000034
File C:\WINDOWS\System32\cf063a0d.exe not found!
Deletion of file C:\WINDOWS\System32\cf063a0d.exe failed!
Could not process line:
C:\WINDOWS\System32\cf063a0d.exe
Status: 0xc0000034
File C:\WINDOWS\System32\SCFGWMIT.exe not found!
Deletion of file C:\WINDOWS\System32\SCFGWMIT.exe failed!
Could not process line:
C:\WINDOWS\System32\SCFGWMIT.exe
Status: 0xc0000034
File C:\WINDOWS\System32\DIGESTW.exe not found!
Deletion of file C:\WINDOWS\System32\DIGESTW.exe failed!
Could not process line:
C:\WINDOWS\System32\DIGESTW.exe
Status: 0xc0000034
File C:\WINDOWS\System32\0dc14acb.exe not found!
Deletion of file C:\WINDOWS\System32\0dc14acb.exe failed!
Could not process line:
C:\WINDOWS\System32\0dc14acb.exe
Status: 0xc0000034
File C:\WINDOWS\System32\IASCRW.exe not found!
Deletion of file C:\WINDOWS\System32\IASCRW.exe failed!
Could not process line:
C:\WINDOWS\System32\IASCRW.exe
Status: 0xc0000034
File C:\WINDOWS\System32\xkefyp.exe not found!
Deletion of file C:\WINDOWS\System32\xkefyp.exe failed!
Could not process line:
C:\WINDOWS\System32\xkefyp.exe
Status: 0xc0000034
File C:\WINDOWS\System32\UDIOSRVA.exe not found!
Deletion of file C:\WINDOWS\System32\UDIOSRVA.exe failed!
Could not process line:
C:\WINDOWS\System32\UDIOSRVA.exe
Status: 0xc0000034
File C:\WINDOWS\System32\SMARQUES.exe not found!
Deletion of file C:\WINDOWS\System32\SMARQUES.exe failed!
Could not process line:
C:\WINDOWS\System32\SMARQUES.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
_____________________________
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qolnaqau
*******************
Script file located at: \??\C:\Documents and Settings\hwkkxfls.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Documents and Settings\francis\Cookies\francis@go[1].txt not found!
Deletion of file C:\Documents and Settings\francis\Cookies\francis@go[1].txt failed!
Could not process line:
C:\Documents and Settings\francis\Cookies\francis@go[1].txt
Status: 0xc0000034
File C:\Documents and Settings\francis\Local Settings\Temporary Internet Files\Ssk.log not found!
Deletion of file C:\Documents and Settings\francis\Local Settings\Temporary Internet Files\Ssk.log failed!
Could not process line:
C:\Documents and Settings\francis\Local Settings\Temporary Internet Files\Ssk.log
Status: 0xc0000034
File C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\0dc14acb.exe not found!
Deletion of file C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\0dc14acb.exe failed!
Could not process line:
C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\0dc14acb.exe
Status: 0xc0000034
File C:\Documents and Settings\francis\My not found!
Deletion of file C:\Documents and Settings\francis\My failed!
Could not process line:
C:\Documents and Settings\francis\My
Status: 0xc0000034
Could not open file Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\cf063a0d.exe for deletion
Deletion of file Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\cf063a0d.exe failed!
Could not process line:
Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\cf063a0d.exe
Status: 0xc000003a
File C:\Program Files\Internet Explorer\winbrume.dat not found!
Deletion of file C:\Program Files\Internet Explorer\winbrume.dat failed!
Could not process line:
C:\Program Files\Internet Explorer\winbrume.dat
Status: 0xc0000034
File C:\WINDOWS\alchem.ini not found!
Deletion of file C:\WINDOWS\alchem.ini failed!
Could not process line:
C:\WINDOWS\alchem.ini
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\azesearch.inf not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\azesearch.inf failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\azesearch.inf
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\test.INF not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\test.INF failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\test.INF
Status: 0xc0000034
File C:\WINDOWS\drsmartload2.dat not found!
Deletion of file C:\WINDOWS\drsmartload2.dat failed!
Could not process line:
C:\WINDOWS\drsmartload2.dat
Status: 0xc0000034
File C:\WINDOWS\INF\alchem.inf not found!
Deletion of file C:\WINDOWS\INF\alchem.inf failed!
Could not process line:
C:\WINDOWS\INF\alchem.inf
Status: 0xc0000034
File C:\WINDOWS\INF\biC.inf not found!
Deletion of file C:\WINDOWS\INF\biC.inf failed!
Could not process line:
C:\WINDOWS\INF\biC.inf
Status: 0xc0000034
File C:\WINDOWS\INF\biini.inf not found!
Deletion of file C:\WINDOWS\INF\biini.inf failed!
Could not process line:
C:\WINDOWS\INF\biini.inf
Status: 0xc0000034
File C:\WINDOWS\INF\polmx2.inf not found!
Deletion of file C:\WINDOWS\INF\polmx2.inf failed!
Could not process line:
C:\WINDOWS\INF\polmx2.inf
Status: 0xc0000034
File C:\WINDOWS\INF\twaintec.inf not found!
Deletion of file C:\WINDOWS\INF\twaintec.inf failed!
Could not process line:
C:\WINDOWS\INF\twaintec.inf
Status: 0xc0000034
File C:\WINDOWS\msbb.log not found!
Deletion of file C:\WINDOWS\msbb.log failed!
Could not process line:
C:\WINDOWS\msbb.log
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho not found!
Deletion of file C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho failed!
Could not process line:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\oins.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\oins.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\oins.exe
Status: 0xc0000034
File C:\WINDOWS\msbb_kyf.dat not found!
Deletion of file C:\WINDOWS\msbb_kyf.dat failed!
Could not process line:
C:\WINDOWS\msbb_kyf.dat
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\kyf.dat not found!
Deletion of file C:\WINDOWS\SYSTEM32\kyf.dat failed!
Could not process line:
C:\WINDOWS\SYSTEM32\kyf.dat
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\SrchSTS.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\SrchSTS.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\SrchSTS.exe
Status: 0xc0000034
File C:\WINDOWS\System32\cf063a0d.exe not found!
Deletion of file C:\WINDOWS\System32\cf063a0d.exe failed!
Could not process line:
C:\WINDOWS\System32\cf063a0d.exe
Status: 0xc0000034
File C:\WINDOWS\System32\SCFGWMIT.exe not found!
Deletion of file C:\WINDOWS\System32\SCFGWMIT.exe failed!
Could not process line:
C:\WINDOWS\System32\SCFGWMIT.exe
Status: 0xc0000034
File C:\WINDOWS\System32\DIGESTW.exe not found!
Deletion of file C:\WINDOWS\System32\DIGESTW.exe failed!
Could not process line:
C:\WINDOWS\System32\DIGESTW.exe
Status: 0xc0000034
File C:\WINDOWS\System32\0dc14acb.exe not found!
Deletion of file C:\WINDOWS\System32\0dc14acb.exe failed!
Could not process line:
C:\WINDOWS\System32\0dc14acb.exe
Status: 0xc0000034
File C:\WINDOWS\System32\IASCRW.exe not found!
Deletion of file C:\WINDOWS\System32\IASCRW.exe failed!
Could not process line:
C:\WINDOWS\System32\IASCRW.exe
Status: 0xc0000034
File C:\WINDOWS\System32\xkefyp.exe not found!
Deletion of file C:\WINDOWS\System32\xkefyp.exe failed!
Could not process line:
C:\WINDOWS\System32\xkefyp.exe
Status: 0xc0000034
File C:\WINDOWS\System32\UDIOSRVA.exe not found!
Deletion of file C:\WINDOWS\System32\UDIOSRVA.exe failed!
Could not process line:
C:\WINDOWS\System32\UDIOSRVA.exe
Status: 0xc0000034
File C:\WINDOWS\System32\SMARQUES.exe not found!
Deletion of file C:\WINDOWS\System32\SMARQUES.exe failed!
Could not process line:
C:\WINDOWS\System32\SMARQUES.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Thanks for the help.
Post by: guestolo on June 14, 2006, 02:18:46 PM
Quote
Here are the logs. Posted 2 avenger logs, first one I think I did in selective startup, forgot to uncheck them again...
I want to see EVERYTHING in the log
I need you too do the following
Go back to msconfig
REENABLE EVERYTHING ON STARTUP
Reboot the computer afterwards and post back a fresh hijackthis log
Your almost done, but we won't continue until you have done the above
Leave everything enabled until AFTER we are sure you are clean
Post by: purepremium2006 on June 14, 2006, 09:32:15 PM
Logfile of HijackThis v1.99.1
Scan saved at 7:30:43 PM, on 6/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\lvcomsx.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\hijackthis.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ACS.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
_____________________________________________________
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bvqmayav
*******************
Script file located at: \??\C:\WINDOWS\gfaplsgn.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Documents and Settings\francis\Cookies\francis@go[1].txt not found!
Deletion of file C:\Documents and Settings\francis\Cookies\francis@go[1].txt failed!
Could not process line:
C:\Documents and Settings\francis\Cookies\francis@go[1].txt
Status: 0xc0000034
File C:\Documents and Settings\francis\Local Settings\Temporary Internet Files\Ssk.log not found!
Deletion of file C:\Documents and Settings\francis\Local Settings\Temporary Internet Files\Ssk.log failed!
Could not process line:
C:\Documents and Settings\francis\Local Settings\Temporary Internet Files\Ssk.log
Status: 0xc0000034
File C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\0dc14acb.exe not found!
Deletion of file C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\0dc14acb.exe failed!
Could not process line:
C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\0dc14acb.exe
Status: 0xc0000034
File C:\Documents and Settings\francis\My not found!
Deletion of file C:\Documents and Settings\francis\My failed!
Could not process line:
C:\Documents and Settings\francis\My
Status: 0xc0000034
Could not open file Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\cf063a0d.exe for deletion
Deletion of file Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\cf063a0d.exe failed!
Could not process line:
Documents\francis_stuf\Programs\Antivirus_PutonDesktop\system32BU\cf063a0d.exe
Status: 0xc000003a
File C:\Program Files\Internet Explorer\winbrume.dat not found!
Deletion of file C:\Program Files\Internet Explorer\winbrume.dat failed!
Could not process line:
C:\Program Files\Internet Explorer\winbrume.dat
Status: 0xc0000034
File C:\WINDOWS\alchem.ini not found!
Deletion of file C:\WINDOWS\alchem.ini failed!
Could not process line:
C:\WINDOWS\alchem.ini
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\azesearch.inf not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\azesearch.inf failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\azesearch.inf
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\gdnUS2338.exe
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe
Status: 0xc0000034
File C:\WINDOWS\Downloaded Program Files\test.INF not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\test.INF failed!
Could not process line:
C:\WINDOWS\Downloaded Program Files\test.INF
Status: 0xc0000034
File C:\WINDOWS\drsmartload2.dat not found!
Deletion of file C:\WINDOWS\drsmartload2.dat failed!
Could not process line:
C:\WINDOWS\drsmartload2.dat
Status: 0xc0000034
File C:\WINDOWS\INF\alchem.inf not found!
Deletion of file C:\WINDOWS\INF\alchem.inf failed!
Could not process line:
C:\WINDOWS\INF\alchem.inf
Status: 0xc0000034
File C:\WINDOWS\INF\biC.inf not found!
Deletion of file C:\WINDOWS\INF\biC.inf failed!
Could not process line:
C:\WINDOWS\INF\biC.inf
Status: 0xc0000034
File C:\WINDOWS\INF\biini.inf not found!
Deletion of file C:\WINDOWS\INF\biini.inf failed!
Could not process line:
C:\WINDOWS\INF\biini.inf
Status: 0xc0000034
File C:\WINDOWS\INF\polmx2.inf not found!
Deletion of file C:\WINDOWS\INF\polmx2.inf failed!
Could not process line:
C:\WINDOWS\INF\polmx2.inf
Status: 0xc0000034
File C:\WINDOWS\INF\twaintec.inf not found!
Deletion of file C:\WINDOWS\INF\twaintec.inf failed!
Could not process line:
C:\WINDOWS\INF\twaintec.inf
Status: 0xc0000034
File C:\WINDOWS\msbb.log not found!
Deletion of file C:\WINDOWS\msbb.log failed!
Could not process line:
C:\WINDOWS\msbb.log
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho not found!
Deletion of file C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho failed!
Could not process line:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\oins.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\oins.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\oins.exe
Status: 0xc0000034
File C:\WINDOWS\msbb_kyf.dat not found!
Deletion of file C:\WINDOWS\msbb_kyf.dat failed!
Could not process line:
C:\WINDOWS\msbb_kyf.dat
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\kyf.dat not found!
Deletion of file C:\WINDOWS\SYSTEM32\kyf.dat failed!
Could not process line:
C:\WINDOWS\SYSTEM32\kyf.dat
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\SrchSTS.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\SrchSTS.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\SrchSTS.exe
Status: 0xc0000034
File C:\WINDOWS\System32\cf063a0d.exe not found!
Deletion of file C:\WINDOWS\System32\cf063a0d.exe failed!
Could not process line:
C:\WINDOWS\System32\cf063a0d.exe
Status: 0xc0000034
File C:\WINDOWS\System32\SCFGWMIT.exe not found!
Deletion of file C:\WINDOWS\System32\SCFGWMIT.exe failed!
Could not process line:
C:\WINDOWS\System32\SCFGWMIT.exe
Status: 0xc0000034
File C:\WINDOWS\System32\DIGESTW.exe not found!
Deletion of file C:\WINDOWS\System32\DIGESTW.exe failed!
Could not process line:
C:\WINDOWS\System32\DIGESTW.exe
Status: 0xc0000034
File C:\WINDOWS\System32\0dc14acb.exe not found!
Deletion of file C:\WINDOWS\System32\0dc14acb.exe failed!
Could not process line:
C:\WINDOWS\System32\0dc14acb.exe
Status: 0xc0000034
File C:\WINDOWS\System32\IASCRW.exe not found!
Deletion of file C:\WINDOWS\System32\IASCRW.exe failed!
Could not process line:
C:\WINDOWS\System32\IASCRW.exe
Status: 0xc0000034
File C:\WINDOWS\System32\xkefyp.exe not found!
Deletion of file C:\WINDOWS\System32\xkefyp.exe failed!
Could not process line:
C:\WINDOWS\System32\xkefyp.exe
Status: 0xc0000034
File C:\WINDOWS\System32\UDIOSRVA.exe not found!
Deletion of file C:\WINDOWS\System32\UDIOSRVA.exe failed!
Could not process line:
C:\WINDOWS\System32\UDIOSRVA.exe
Status: 0xc0000034
File C:\WINDOWS\System32\SMARQUES.exe not found!
Deletion of file C:\WINDOWS\System32\SMARQUES.exe failed!
Could not process line:
C:\WINDOWS\System32\SMARQUES.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Post by: guestolo on June 14, 2006, 09:50:28 PM
Quote
I want to see EVERYTHING in the log
I need you too do the following
Go back to msconfig
REENABLE EVERYTHING ON STARTUP
Reboot the computer afterwards and post back a fresh hijackthis log
Your almost done, but we won't continue until you have done the above
Leave everything enabled until AFTER we are sure you are clean
Geesh, Just enable everything on startup in msconfig and reboot the computer
Leave it enabled till after we have you clean
I don't want to see a new Avenger log, the very first one was the most important!
Post by: purepremium2006 on June 15, 2006, 02:41:10 AM
Logfile of HijackThis v1.99.1
Scan saved at 12:39:30 AM, on 6/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\pctspk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\lvcomsx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\francis\My Documents\francis_stuf\Programs\Antivirus_PutonDesktop\hijackthis.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ACS.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
Post by: guestolo on June 15, 2006, 05:38:29 PM
Can you reboot into safe mode and run WPFind again
Reboot back to Normal mode and post it's log please
Besides having the extra startup entries, how is everything else running?
Just some final cleanup if everything is OK
Post by: purepremium2006 on June 16, 2006, 02:05:40 AM
About those sys restore folders (C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}). Can I delete them?
Here's the log...
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Items found in C:\WINDOWS\hosts
Checking %System% folder...
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/28/2002 2:00:00 PM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PEC2 9/28/2005 2:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 9/28/2005 2:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 7/12/2005 7:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 1/4/2006 8:46:40 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 8:46:40 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 8/28/2002 2:00:00 PM 631808 C:\WINDOWS\SYSTEM32\RASDLG.DLL
UPX! 1/9/2006 10:36:00 AM 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 1/9/2006 10:36:00 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe
winsync 8/28/2002 2:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
Checking %System%\Drivers folder and sub-folders...
UPX! 6/13/2006 11:37:18 PM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 6/13/2006 11:37:18 PM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 6/13/2006 11:37:18 PM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 6/13/2006 11:37:18 PM 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/15/2006 11:51:02 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
6/15/2006 11:49:46 PM S 64 C:\WINDOWS\CSC\00000001
6/11/2006 12:45:12 PM S 64 C:\WINDOWS\CSC\00000002
6/7/2006 7:12:18 PM S 64 C:\WINDOWS\CSC\csc1.tmp
4/28/2006 9:29:22 PM HS 848 C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
6/15/2006 11:50:50 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
6/15/2006 11:51:10 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
6/15/2006 11:51:06 PM H 12288 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
6/15/2006 11:52:26 PM H 86016 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
6/15/2006 11:51:08 PM H 1159168 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
7/13/2006 1:24:22 AM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\153d4519-394e-4c7c-8095-25fe2cf4e79a
5/2/2006 12:52:20 AM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\25859ce9-92ac-45ac-8b06-5d887a65dca2
6/30/2006 1:22:34 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\3781809c-f2bc-4296-ad5e-0799756c3c62
5/2/2006 12:52:20 AM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
6/15/2006 11:49:54 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/28/2002 2:00:00 PM 66048 C:\WINDOWS\SYSTEM32\ACCESS.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 578560 C:\WINDOWS\SYSTEM32\APPWIZ.CPL
11/11/1999 9:11:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Logitech Inc. 7/28/2005 2:01:56 PM 360448 C:\WINDOWS\SYSTEM32\camcpl.cpl
5/23/2002 8:45:48 PM 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl
Microsoft Corporation 8/28/2002 2:00:00 PM 129024 C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 150016 C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 292352 C:\WINDOWS\SYSTEM32\INETCPL.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 121856 C:\WINDOWS\SYSTEM32\INTL.CPL
Microsoft Corporation 8/29/2002 3:41:00 AM 208896 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/28/2002 2:00:00 PM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 559616 C:\WINDOWS\SYSTEM32\MMSYS.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 256000 C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 36864 C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 109056 C:\WINDOWS\SYSTEM32\POWERCFG.CPL
11/19/1999 2:54:12 PM 155648 C:\WINDOWS\SYSTEM32\PPPoEService.cpl
RealNetworks, Inc. 1/13/2003 1:47:04 AM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 8/28/2002 2:00:00 PM 268288 C:\WINDOWS\SYSTEM32\SYSDM.CPL
Wacom Technology, Corp. 11/25/2002 1:55:00 PM 921600 C:\WINDOWS\SYSTEM32\Tablet.cpl
Microsoft Corporation 8/28/2002 2:00:00 PM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/28/2002 2:00:00 PM 90112 C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 3:41:00 AM 208896 C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
1/11/2006 7:45:30 PM 409 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ACS.lnk
1/29/2006 6:13:00 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
9/2/2002 10:36:04 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
1/11/2006 7:45:30 PM 533 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus Xtreme G Configuration Utility.lnk
1/11/2006 7:45:30 PM 513 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link REG Utility.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/2/2002 10:26:20 PM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
5/5/2006 11:38:46 PM 1782 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Checking files in %USERPROFILE%\Startup folder...
4/29/2006 1:44:20 AM 988 C:\Documents and Settings\francis\Start Menu\Programs\Startup\Adobe Gamma.lnk
9/2/2002 10:36:04 PM HS 84 C:\Documents and Settings\francis\Start Menu\Programs\Startup\DESKTOP.INI
Checking files in %USERPROFILE%\Application Data folder...
9/2/2002 10:26:20 PM HS 62 C:\Documents and Settings\francis\Application Data\DESKTOP.INI
2/7/2003 12:49:28 AM 12358 C:\Documents and Settings\francis\Application Data\PFP100JCM.{PB
2/7/2003 12:49:28 AM 61678 C:\Documents and Settings\francis\Application Data\PFP100JPR.{PB
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DVDSentry C:\WINDOWS\System32\DSentry.exe
ATIModeChange Ati2mdxx.exe
zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe
PCTVOICE pctspk.exe
LogitechCameraAssistant C:\Program Files\Logitech\Video\CameraAssistant.exe
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
YBrowser C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
StorageGuard "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
RegKillTray "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
RegKillElbyCheck "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
PRISMSVR.EXE "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
LVCOMSX C:\WINDOWS\System32\LVCOMSX.EXE
LogitechVideo[inspector] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
LogitechCameraService(E) C:\WINDOWS\System32\ElkCtrl.exe /automation
Logitech Utility Logi_MwX.Exe
Apoint C:\Program Files\Apoint\Apoint.exe
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
Yahoo! Pager "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
LogitechSoftwareUpdate "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32
NoBackButton 0
NoFileMru 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoStartMenuMyMusic 1
NoSMMyPictures 1
NoRecentDocsMenu 1
ClearRecentDocsOnExit 1
NoRecentDocsHistory 1
NoTaskGrouping 1
NoRecentDocsNetHood 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/15/2006 11:59:51 PM
Post by: guestolo on June 17, 2006, 12:20:04 PM
Yes we should clear those system restore points, that's part of are final cleanup
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> If everything is running better
- Go to START>>RUN>>In the open field
Type in
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
[/list]
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point
If you don't have these next Spyware scanners, I suggest you download both and hold onto them
Download and Install
Ad-Aware SE Personal 1.06 (http://\"ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe\")
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later
Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer to finish the cleaning process
===================================
Download and Install Spybot 1.4 from
HERE (http://\"http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button\")
or HERE (http://\"http://www.safer-networking.org/en/download/index.html\")
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED
RESTART the computer if any red entries were selected and fixed
[indent][color=\"#CC0000\"]Protect yourself against Future Attacks[/color][/i][/b][/indent]
*Install SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission
The Firewall in Windows SP1 is not enabled by default
it is in SP2, we should address this problem
If you would like a better firewall than the one provided with Windows, let me know and I'll post a link
Update and do scan's with your Anti-Spyware programs on a regular basis
In addition: Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Immunize after every update
Most Important:
*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
Make sure you check for updates at least once a month!
you still haven't updated to Service pack 2?
Is there a reason for this?
I would take this oppurtunity to update
Please see this link:
http://www.microsoft.com/windowsxp/sp2/default.mspx (http://\"http://www.microsoft.com/windowsxp/sp2/default.mspx\")
Take note on that page and read the following
[indent]What to know before you download and install[/indent]
Before updating I would run the disk defragmentor on your computer
START>>All Programs>>Accessories>>System Tools>>Disk Defragmenter
If you haven't ran this in awhile, it could take a bit of time to finish, let it run uninterrupted
I find it best ran in safe mode
Then reboot back to Normal mode and visit Windows Updates!
If your on dialup, you may choose to order the free CD
There is a link on that page also
NOTE: You have HP's Share-to-Web installed, it's not a bad thing, but there was a Windows update that caused problems with IE address bar, unable to open some folders, etc...
Not to worry, if you experience any of these problems, post back and we will fix that issue for you
Do Not remove Sp2 because of this!
I think Windows update has already addressed this issue, but that is just precaution
Stay safe
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: purepremium2006 on June 19, 2006, 04:27:25 AM
merci beacoup
francis
Post by: guestolo on June 19, 2006, 06:55:43 AM
Located HERE (http://\"http://www.thetechguide.com/forum/index.php?showtopic=15894\")
Only use one software firewall if you decide to install one
The link to SP2 changed a bit, sorry about that
That same link
[color=\"#3333FF\"]http://www.microsoft.com/windowsxp/sp2/default.mspx[/color] (http://\"http://www.microsoft.com/windowsxp/sp2/default.mspx\")
You will find other links directing to
Support and how-tos
Why?
How?
Scan through it all, especially take note of How?>>Get your Computer ready
Post by: purepremium2006 on June 24, 2006, 01:40:51 AM
I'd like to donate a small amount for your help.
I don't trust paypal anymore, they keep sending me spam and I've put my account on hold.
Give me an address and I'd like to send it to you.
Thanks again for all the help.
Post by: guestolo on July 02, 2006, 10:21:03 AM
So don't worry about it
But, Paypal typically will not send spam
They may email rarely including:
PayPal Periodical Monthly Newsletter and Product Updates*
Auction Seller Tips
ALL Policy Change Notices
Customer Feedback Surveys
Partner/Third-Party Promotions
PayPal Developer Network updates
Take note: You must select these options in order for Paypal too email about the above info
In paypal, these options are selected under Profile>>Notifications
You can uncheck any of the above if you wish
Don't forget, if you still receive spam from Paypal
It also may not be a legit Paypal email, but some others impersonating their address
Take caution, these emails can look legit, but may direct you too a website of their own that looks very similiar too a Paypal page
Read Paypal's Security tips when your logged in
This is part of their prevention tips
Email Security
* Look for a PayPal Greeting: PayPal will never send an email with the greeting "Dear PayPal User" or "Dear PayPal Member." Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account. If you believe you have received a fraudulent email, please forward the entire email—including the header information—to [email protected]. We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.
* Don't share personal information via email: We will never ask you to enter your password or financial information in an email or send such information in an email. You should only share information about your account once you have logged in to https://www.paypal.com/ (http://\"https://www.paypal.com/\").
* Don't download attachments: PayPal will never send you an attachment or software update to install on your computer.