Messages - smallclaimshammer

1
Tech Clinic / Please check my HJT log
« on: May 04, 2012, 11:29:48 PM »
Please look at this HJT log, is there something slowing the laptop processor...it pauses for long periods for some reason.  It used to be faster.
I have Spybot SD, fresh updates, run regular, shows no threats found.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:49:26 PM, on 5/4/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 00-40-05-0e-1a-5b:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sprint Con App Svc (CASprint) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13171 bytes

2
Hello, Guestolo....

It has been 7 years since I had my last problem that you helped me with.

I have an older PC.  I had IE8 for over two years I think, no problems, just slower browsing with the load it put on processor. I'm running XP Pro with all updates, on AMD Athlon XP Processor 1700+Model6, Stepping 2, 1470 MHZ.   It got really slow last week.  I have and used Malwarebytes, and SpyBot S&D often...3 or 4 times a month...no scans with problems, virus, or trojans. Occasional "RightMedia" cookie.  I ran all when slowed down, nothing.  Ran ESet scan..nothing.  Read Microsoft support...how to remove IE8.  IE8 had button for remove in ADD or Remove Programs...control panel.  No tab for SP3.  Removed IE8.

Reboot...I have Internet Options showing in Control panel...click it and it blips on then off.  
         No Internet Explorer toolbar, no tabs for EDIT, Favorites, Tools, etc......
         I cannot download programs, or Microsoft FixIt.
         Cannot download PDF files.

         I can browse Internet sites, I can see images/photos posted to forums, and click to enlarge them OK.
         I can transmit Email...but not post any photo attachments to them.
         I receive email OK.

         Could it be a JAVA related problem?  Control C to copy, and Control V to paste....will not work HERE in this reply box ...on items (recent Java errors) I have copies of on clipboard, that
         I tried to post here, using copy/paste.

I ran Restore to earlier date...did not help...it reinstalled IE8 on restore.  Same problem no change.  Picked another date...forward of first restore, did not help.  Read on Microsoft support about registry checking...did so..saw nothing enabled in areas of IE.  I do not show a file for Restrictions under IE,  user or local system registry.  As was mentioned on one page...maybe not XP correct.  I'm not sharp on this in-depth computer drill down.  No registry changes made.

I do not have HijackThis....to run in my programs list, and cannot download it ...with current problem. I turned off windows security firewall, and turned off Malwarebytes immunization, also Spybot S&D.  No change, no help.

Can you help guide me on this?

I'm going to need HJT...aren't I?

I may be able to get the HJT download from another computer with USB download. I'll go try that now.

Your help is appreciated,  

Thanks,   John

3
I have a problem...I loaded Spybot SD, it loaded fine...3 times...but whatever has EXPLORER.EXE running at 80 to 100% all the time, will not let Spybot SD even load to do a scan.  The computer shuts down just as Spybot SD starts to fully load.  I have only one version of Spybot SD installed....I did uninstall, then reinstall each time...trying to get it to scan...but I'm thinking it's a trojan.  I'll try to load Hijack This....and get you a log....I hope you can help.

4
Tech Clinic / At least 7 problems...what is causing this?
« on: November 06, 2007, 11:39:38 PM »
Just got it ...you are up late I see...



SmitFraudFix v2.250

Scan done at 22:32:37.39, Tue 11/06/2007
Run from C:\Documents and Settings\John Taylor\Local Settings\Temporary Internet Files\Content.IE5\2D4KHJWY\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\proper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AVSystemCare\ugcw.exe
C:\Program Files\Common Files\AVSystemCare\bm.exe
C:\Program Files\AVSystemCare\pgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

192.168.200.3   download.microsoft.com
192.168.200.3   downloads.microsoft.com
192.168.200.3   go.microsoft.com
192.168.200.3   microsoft.com
192.168.200.3   msdn.microsoft.com
192.168.200.3   office.microsoft.com
192.168.200.3   support.microsoft.com
192.168.200.3   windowsupdate.microsoft.com
192.168.200.3   www.microsoft.com
192.168.200.3   pandasoftware.com
192.168.200.3   www.pandasoftware.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\proper.exe FOUND !
C:\WINDOWS\system32\skuns.dat FOUND !
C:\WINDOWS\system32\winter.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Taylor


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Taylor\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\JOHNTA~1\STARTM~1\Programs\Startup\infos.exe FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\autos.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHNTA~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\skuns.dat"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 68.94.156.1
DNS Server Search Order: 68.94.157.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0397AE95-9969-40FB-A940-0125C655F5E2}: NameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0397AE95-9969-40FB-A940-0125C655F5E2}: NameServer=68.94.156.1 68.94.157.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

5
Tech Clinic / At least 7 problems...what is causing this?
« on: November 06, 2007, 11:22:18 PM »
guestolo,  Please see the log...Thanks, John

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:50 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\proper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AVSystemCare\ugcw.exe
C:\Program Files\Common Files\AVSystemCare\bm.exe
C:\Program Files\AVSystemCare\pgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CIEIntegrator Object - {7A7F202E-AF91-4889-9DD5-2FE241085CC1} - C:\Program Files\AVSystemCare\Tools\pg.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [rtasks] C:\Program Files\AVSystemCare\rtasks.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] ms.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] ms.exe (User 'Default user')
O4 - Startup: infos.exe
O4 - Global Startup: autos.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O15 - Trusted Zone: http://www.shopping.hp.com
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintcenter.com/plugin/axvers...ntquick1611.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/wind...b?1001128860529
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.186.207.89/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0397AE95-9969-40FB-A940-0125C655F5E2}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0397AE95-9969-40FB-A940-0125C655F5E2}: NameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 8647 bytes

6
Tech Clinic / At least 7 problems...what is causing this?
« on: November 06, 2007, 10:20:21 PM »
1.  Windows Security Alert- constantly popping up. Warning! Potential Spyware Operation! Your computer is making unathorized copies of your system and internet files! Click Yes to download Syware remover...
   2.  I did download as prompted...it loaded AVSystem ..Now getting AVS Alerts
   3.  Trying to delete AVS..gets box with ...Restrictions- This operation has been canceled etc......
   3.  Clicking Windows Security shield at lower bar...then box showing :  Restrictions-This operation has been canceled due to restrictions in effect on this computer.  Please contact your System Administrator.   (I am only user, no such restrictions)
   4. Going to Start--Settings-- there is no longer any prompt for Control Panel  ( No access to ADD/REMOVE  programs etc
   5. Cannot find any ....way to sign in as Administrator.
   6. When Google is used to locate ...The Tech Guide....it will redirect to AVSystems...you will only get close all tabs prompt when you try to close AVS...which closes Explorer completely.  
   7. I have run Ad-Aware SE, Spybot, CC Cleaner, Super Antispy....with all the updates...and beat my dog.  Nothing helps.
   
    Please drop a note...if you have a clue.... Thanks!!

7
Quote from: eXclusive on Dec 6 2006, 03:10 PM (post 252361)
ehm, the little buttons on your monitor?

Yes they are there, and set to highest brightness and contrast..still dim in viewing images.  Any other suggestions would be appreciated.

8
I have an AOC Spectrum 7 Glr A, CRT display.  I have never thought it was set correctly.  Is there another way to increase the photos and videos brightness, other than the dial on the front of the display?  I'm running Windows XP Pro and I do not see any tweaks in the Display Controls section.

9
Tech Clinic / Win Xp logs on, then logs off ,cause found.
« on: November 09, 2006, 02:17:23 PM »
I have had a problem with my XP Pro machine.  When I sign on it starts, flashes screen saver, then shows Logging off.  I thought I had a password recognition problem, but that's not it.  I had run Adaware 6 scanning for virus, and it has affected wsaupdater.exe somehow.  I found notes on a scan where Adaware removed "Search Assistant" which it seems had omni files attached, and this has corrupted a registry.  I spotted a forum discussion at "http://www.opentechsupport.net/forums/arch...ic/20552-1.html".  It made me go look for the Adaware 6 notes I had written down on a scan and removal I had done before the problem appeared.   I don't have the computer skills to do the fix that's outlined, but it might help someone else with the same problem.  I've had Great Help on this forum, just trying to do the same in kind. John

10
Tech Clinic / Why Win XP Pro goes to Logging off on startup
« on: October 09, 2006, 11:12:04 PM »
guestolo,  I did not see the post from two weeks ago...I appreciate the help.   I did check the caps lock, No change in signing on.  I am the only user ever setup for the computer.  I do have grandkids who have used it, and several other adult and teen family members, who have used it here at the house when visiting.  I do not think there was any password for the Administrator, I honestly never ever saw an Admin sign on screen all the time I have used it.  It has always said Welcome, Clicked my name, and it was off to running.  I never even typed a password, I guess it was setup by my buddy that way. I tried your suggestion, overtyping my name in the box that appeared after the Ctrl/Alt/Dlt at sign on with Administrator.  I just tabbed to Password:, left it blank, and hit enter. It did exactly the same, going to logoff, then back to the Welcome screen with my name showing.  I did not setup the computer I am having the problem with. My good friend now lives on the East coast, and the Windows Xp Pro discs were taken by my son. He was working on his computer or something and he has not located them to date.   I understand about pulling the harddrive, and slaving it to a system with an XP, or 2000 Win OS.  The system I am using is mine, but an older Win 98se.  I am to the point of just paying to have the Photo Files rescued by someone, and letting them reset, reload, and do an upgrade to the computer (within reason).  I thought by posting here, I might find something to get past the problem.  I have studied the many fixes that appear on the Net, but I am not computer smart enough to run or manipulate the files as needed.  I had a couple of people tell me it would be $320 to open, swap HD's, and get Win XP back on line. (No upgrades)  I have a ADM CHIP 1.8 mgz, 512 ram, dvd, and dvdrw drives, etc., not the state of art, but faster.  Since my son has no clue where my XP discs are, It may be more economical to look at a new system.
I just want the photos at this point, I have some fishing trip photos too, that showed,  I was once good at something.  You had helped me on this 98Win system, when the other computer quit on me months ago.   Your kindness and patience with me went beyond words...I still owe you, my friend.  Thank you, John

11
Tech Clinic / Why Win XP Pro goes to Logging off on startup
« on: October 08, 2006, 02:39:16 AM »
Can you guys tell me why, when turning on my computer, it welcomes me, then when clicked to start, it flashes my screen saver photo, Reads Logging Off, pauses, then flashes saving your settings, then Welcomes me again?  I can't get it to go on and start.  I am a real computer novice.  When I click shutdown it goes to the screen with the shutdown options, and will restart or shutdown OK, but not start up. Any help is appreciated.  This started just after I shutoff the computer, late one night when it was sitting idle, On, and Connected to the internet.  I noticed the screen flashing, harddrive humming, and seemed to be operated by a ghost....I could not get it to respond, and feared I was being hacked, SO I HIT THE OFF SWITCH !!   When I tried to restart, with the DSL MODEM OFF, It would not restart as described above.  What do I have to do to get my Grandkids photos, before I have the harddrive wiped clean, and start over?  This is just a hobby, family computer.  No secrets to save.

12
Tech Clinic / Windows XP Pro won't open with password,i.d.
« on: September 19, 2006, 08:14:11 PM »
I have a Windows Xp Pro operating system, it will not accept my sign on id, there is no running of the floppy drive or the dvd drive.  The computer was running on its own, late one night, it would not respond to my keystrokes to close.  I feared I WAS BEING HACKED...SO I SHUT IT DOWN.  Turning off the main switch.  It will not restart.  It prompts me for the password/I.D. but responds it is invalid.  I have some digital photos of grandkids, I want to retrieve.  How do I get this to open?   Please any suggestions will be appreciated.

13
Hardware / Can A Dumby slave a Harddrive?
« on: May 07, 2005, 09:56:04 PM »
I own two computers, one has a problem with the XP Pro OS, and I want my grand kids photos...I heard I could pull the harddrive from it and put it in the other computer which has Windows 98 OS, making it a slave and getting all the pictures into a file and floppies to save them.  Might even get the XP Pro to run with another password, and the floppy, CD drives to run.
    Does the slave use the same cables it has now?    What do you do to get the running system to recognize the slave?  A>B> C....Greek to me.  Any suggestions will be appreciated.

14
Tech Clinic / Password will not load in XP Pro
« on: May 07, 2005, 08:53:15 PM »
My password will not load after I am prompted for it.  I can type it in, hit enter, and the screen goes blue, then back on, then it asks again for my administrator password.   The CD drive is not working, and the floppy drive is not responding to any backup disc inserted.     I have grandkid photos I would like to save.  What went wrong?  What do I do? Any help and suggestions will be really welcomed.

15
Tech Clinic / Do I enable all start-up programs for Hjt scan?
« on: February 21, 2005, 09:56:35 PM »
Hello, guestolo,    Ran Killbox and removed files as instructed.  The very last ones took extra time.. my system slowed to a crawl.  Could not get cursor to move easily....Last entry was entered and killbox did not ask about reboot, I closed after a time through Ctrl-Alt-Delete...shutdown.  Ran VX2, deleted ok the one file shown.   Then ran Hoster...restored Hosts...OK.   ran DLL compare....see log to follow.  Ran VX2 again...no files found.    See Hijack This log.   Standing by to kill what's left.  Please advise on best settings / setups for Firefox if you have time.  Thanks JRT.

Logfile of HijackThis v1.99.1
Scan saved at 7:36:00 PM, on 2/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thetechguide.com/forum/index.php?showtopic=13518
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: {FD0B1A83-4F7C-11D5-BD9C-000103C116D5} - (no file)
F1 - win.ini: run=C:\WINDOWS\HPFsched.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

*    DLLCompare Log version(1.0.0.125)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM\mqc30.dll      Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\jvvart.dll     Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\wotdecod.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\qjap.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\mqidntld.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\mawdat10.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
________________________________________________

794 items found:  794 files (6 H/S), 0 directories.
Total of file sizes:  156,110,723 bytes    148.88 M

--------------------End log---------------------

16
Tech Clinic / Do I enable all start-up programs for Hjt scan?
« on: February 19, 2005, 10:52:33 PM »
guestolo,   I have a question about Typing the items to delete in BOLD.  I do not know how to do that when at the Command Prompt.  Please explain....because the first two.. temp and hosts deleted OK.   Next item, and all at C:WINDOWS\SYSTEM>   were typed as listed, but each time enter ...showed File Not Found.   I missed the bold, and it mattered...RIGHT???   Give me a shout when you can....Thanks  JRT.     What kind of Dog is "Woof"?  Looks like a Golden Retriever.

17
Tech Clinic / Do I enable all start-up programs for Hjt scan?
« on: February 18, 2005, 03:51:54 AM »
OOPS,    Forgot to say I will turn off the modem after this post....not computer...to keep any unwanted bugs from phoning home. JRT

18
Tech Clinic / Do I enable all start-up programs for Hjt scan?
« on: February 18, 2005, 03:48:41 AM »
Ok, There were no files for Guard.tmp found.     The New HijackThis log follows:

Logfile of HijackThis v1.99.1
Scan saved at 2:24:12 AM, on 2/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE
C:\PROGRAM FILES\MRU-BLASTER\SCHEDULER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJT\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\HJT2\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thetechguide.com/forum/index.php?showtopic=13518
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=C:\WINDOWS\HPFsched.exe
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

I will not browse the NET...or restart at all till I hear from you.   My SBC DSL connection is dropping out every 25 to 45 minutes...I don't know why.  As I type this , I hear the hard drive tick...and see the activity light flash on the DSL modem ....like something is trying to download or connect.  Is that possible?   Talk to you later , guestolo....Thanks,JRT

19
Tech Clinic / Do I enable all start-up programs for Hjt scan?
« on: February 18, 2005, 03:20:50 AM »
ok, guestolo,   the FIND.bat ran fine, and found:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

 ------- System Files in System Directory -------


 Volume in drive C is JTAYLOR    
 Volume Serial Number is 2A60-13E6
 Directory of C:\WINDOWS\SYSTEM

MVCI     DLL       222,568  02-02-05 11:37p MVCI.DLL
CHETCFG  DLL       222,568  02-02-05 11:37p CHETCFG.DLL
MUWDAT10 DLL       222,568  02-02-05 11:37p MUWDAT10.DLL
DMNHUPNP DLL       222,568  02-02-05 11:37p DMNHUPNP.DLL
SLELL    DLL       222,568  02-02-05 11:37p SLELL.DLL
WOTDECOD DLL       222,568  02-02-05 11:37p WOTDECOD.DLL
QIUT     DLL       222,568  02-02-05 11:37p QIUT.DLL
IVIGN32  DLL       222,568  02-02-05 11:37p IVIGN32.DLL
MVMIXMGR DLL       222,568  02-02-05 11:37p MVMIXMGR.DLL
IKETRES  DLL       222,568  02-02-05 11:37p IKETRES.DLL
CCETCFG  DLL       222,568  02-02-05 11:37p CCETCFG.DLL
ICETCFG  DLL       222,568  02-02-05 11:37p ICETCFG.DLL
SVNCUI   DLL       222,568  02-02-05 11:37p SVNCUI.DLL
WHN32S16 DLL       222,568  02-02-05 11:37p WHN32S16.DLL
SSEM0409 DLL       222,568  02-02-05 11:37p SSEM0409.DLL
DSUSIC32 DLL       222,568  02-02-05 11:37p DSUSIC32.DLL
OPE2     DLL       222,568  02-02-05 11:37p OPE2.DLL
WQNG     DLL       222,568  02-02-05 11:37p WQNG.DLL
IU41_QC  DLL       222,568  02-02-05 11:37p IU41_QC.dll
IMSTSCH  DLL       222,568  02-02-05 11:37p IMSTSCH.DLL
IKLOADER DLL       222,568  02-02-05 11:37p IKLOADER.DLL
IWPEERS  DLL       222,568  02-02-05 11:37p IWPEERS.DLL
DHUSIC32 DLL       222,568  02-02-05 11:37p DHUSIC32.DLL
ACMUI    DLL       222,568  02-02-05 11:37p ACMUI.DLL
EKSMDB32 DLL       222,568  02-02-05 11:37p EKSMDB32.DLL
BWOWSELC DLL       222,568  02-02-05 11:37p BWOWSELC.DLL
WONG     DLL       222,568  02-02-05 11:37p WONG.DLL
MVG4DMOD DLL       222,568  02-02-05 11:37p mvg4dmod.dll
ATIFIL32 DLL       222,568  02-02-05 11:37p ATIFIL32.DLL
MQIDNTLD DLL       222,568  02-02-05 11:37p MQIDNTLD.DLL
SKSDETMG DLL       222,568  02-02-05 11:37p SKSDETMG.DLL
HUFC1609 DLL       222,568  02-02-05 11:37p hufc1609.dll
MJWSOCK  DLL       222,568  02-02-05 11:37p MJWSOCK.DLL
IVSTRSA  DLL       222,568  02-02-05 11:37p IVSTRSA.DLL
ARL70    DLL       222,568  02-02-05 11:37p ARL70.DLL
MAWDAT10 DLL       222,568  02-02-05 11:37p MAWDAT10.DLL
MFCONF   DLL       222,568  02-02-05 11:37p MFCONF.DLL
IWFRARED DLL       222,568  02-02-05 11:37p IWFRARED.DLL
JMSD400  DLL       222,568  02-02-05 11:37p JMSD400.DLL
WW2THK   DLL       222,568  02-02-05 11:37p WW2THK.DLL
EXENU    DLL       222,568  02-02-05 11:37p exenu.dll
WX32DLL  DLL       222,568  02-02-05 11:37p WX32DLL.DLL
LBCMGR10 DLL       222,568  02-02-05 11:37p lbcmgr10.dll
JJSH400  DLL       222,568  02-02-05 11:37p JJSH400.DLL
SPSTHUNK DLL       222,568  02-02-05 11:37p SPSTHUNK.DLL
LPRT     DLL       222,568  02-02-05 11:37p LPRT.DLL
AGYCFILT DLL       222,568  02-02-05 11:37p AGYCFILT.DLL
WTDMLOG  DLL       222,568  02-02-05 11:37p wtdmlog.dll
AAUPD    DLL       222,568  02-02-05 11:37p aaupd.dll
        49 file(s)     10,905,832 bytes
         0 dir(s)        2,210.44 MB free

 ------- Hidden Files in System Directory -------


 Volume in drive C is JTAYLOR    
 Volume Serial Number is 2A60-13E6
 Directory of C:\WINDOWS\SYSTEM

FFASTLOG TXT        22,226  02-18-05 12:30a FFASTLOG.TXT
HPF82T09 GID         8,628  02-14-05  5:38p HPF82t09.GID
HPF82H09 GID         8,628  01-29-05  5:20a HPF82h09.GID
HPF82R09 GID         8,628  01-26-05 11:35p HPF82r09.GID
FOLDER   HTT        13,122  02-17-01  1:01p folder.htt
DESKTOP  INI           266  02-17-01  1:01p desktop.ini
         6 file(s)         61,498 bytes
         0 dir(s)        2,210.43 MB free

 ---------- Files Named "Guard" -------------


 Volume in drive C is JTAYLOR    
 Volume Serial Number is 2A60-13E6
 Directory of C:\WINDOWS\SYSTEM

                         2,210.43 MB free

 --------- Temp Files in System Directory --------


 Volume in drive C is JTAYLOR    
 Volume Serial Number is 2A60-13E6
 Directory of C:\WINDOWS\SYSTEM

                         2,210.43 MB free

 ---------------- User Agent ------------


 ------------ Keys Under Notify ------------


 ---------------- Xfind Results -----------------


 -------------- Locate.com Results ---------------


C:\WINDOWS\SYSTEM\
   mvci.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   chetcfg.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   muwdat10.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   dmnhupnp.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   slell.dll      Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   wotdecod.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   qiut.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   ivign32.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   mvmixmgr.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   iketres.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   ccetcfg.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   icetcfg.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   svncui.dll     Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   whn32s16.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   ssem0409.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   ffastlog.txt   Fri Feb 18 2005  12:30:42a  A..H.         22,226    21.70 K
   dsusic32.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   hpf82t09.gid   Mon Feb 14 2005   5:38:28p  A..H.          8,628     8.43 K
   hpf82h09.gid   Sat Jan 29 2005   5:20:08a  A..H.          8,628     8.43 K
   hpf82r09.gid   Wed Jan 26 2005  11:35:40p  A..H.          8,628     8.43 K
   ope2.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   wqng.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   iu41_qc.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   imstsch.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   ikloader.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   iwpeers.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   dhusic32.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   acmui.dll      Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   eksmdb32.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   bwowselc.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   wong.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   mvg4dmod.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   atifil32.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   mqidntld.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   sksdetmg.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   hufc1609.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   mjwsock.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   ivstrsa.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   arl70.dll      Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   mawdat10.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   mfconf.dll     Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   iwfrared.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   jmsd400.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   ww2thk.dll     Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   exenu.dll      Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   wx32dll.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   lbcmgr10.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   jjsh400.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   spsthunk.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   lprt.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   agycfilt.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   wtdmlog.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
   aaupd.dll      Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K

53 items found:  53 files, 0 directories.
   Total of file sizes:  10,953,942 bytes     10.45 M

Ok, Hope this helps....Hijack This to follow. JRT

20
Tech Clinic / Do I enable all start-up programs for Hjt scan?
« on: February 18, 2005, 03:02:04 AM »
Ok, The DllCompare shows:

*    DLLCompare Log version(1.0.0.125)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM\mvci.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\chetcfg.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\muwdat10.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\dmnhupnp.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\slell.dll      Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\wotdecod.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\qiut.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\ivign32.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\mvmixmgr.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\iketres.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\ccetcfg.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\icetcfg.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\svncui.dll     Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\whn32s16.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\ssem0409.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\dsusic32.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\ope2.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\wqng.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\iu41_qc.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\imstsch.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\ikloader.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\iwpeers.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\dhusic32.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\acmui.dll      Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\eksmdb32.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\bwowselc.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\wong.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\mvg4dmod.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\atifil32.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\mqidntld.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\sksdetmg.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\hufc1609.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\mjwsock.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\ivstrsa.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\arl70.dll      Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\mawdat10.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\mfconf.dll     Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\iwfrared.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\jmsd400.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\ww2thk.dll     Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\exenu.dll      Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\wx32dll.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\lbcmgr10.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\jjsh400.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\spsthunk.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\lprt.dll       Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\agycfilt.dll   Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\wtdmlog.dll    Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
C:\WINDOWS\SYSTEM\aaupd.dll      Wed Feb  2 2005  11:37:24p  ..S.R        222,568   217.35 K
________________________________________________

837 items found:  837 files (49 H/S), 0 directories.
Total of file sizes:  165,681,147 bytes    158.00 M

--------------------End log---------------------
