Umonitor Problem



#16
BigRed44

Here is my l2mfix log:
L2Mfix 1.03

Running From:
C:\HJT\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\HJT\l2mfix
System Rebooted!

Running From:
C:\HJT\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1116 'explorer.exe'
Killing PID 1116 'explorer.exe'
Killing PID 1116 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1876 'rundll32.exe'
Killing PID 416 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\aotodisc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cimdlg32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dcprov.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dEdim700.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dzsetup.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\f4j2le1o1h.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fxusd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\h84m0ih1e84.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hiicons.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hqetcfg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iadkcs32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iclp2res.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iGsrad.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\iRshlpr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jesd400.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kedtuq.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\knymgr.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ljcdll.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\lwexpand.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\m0nqla551d.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mccomput.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mcrecr40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mfhgrcoi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mkrepl40.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\muglibnt.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mxswch.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzidntld.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\n8p40i7qe8.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\plrfts.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\qisname.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\qmsname.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\qnsname.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sjlsrv32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\thddd.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\tod32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\vcajet32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wwi.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guards.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\aotodisc.dll
Successfully Deleted: C:\WINDOWS\system32\aotodisc.dll
deleting: C:\WINDOWS\system32\cimdlg32.dll
Successfully Deleted: C:\WINDOWS\system32\cimdlg32.dll
deleting: C:\WINDOWS\system32\dcprov.dll
Successfully Deleted: C:\WINDOWS\system32\dcprov.dll
deleting: C:\WINDOWS\system32\dEdim700.dll
Successfully Deleted: C:\WINDOWS\system32\dEdim700.dll
deleting: C:\WINDOWS\system32\dzsetup.dll
Successfully Deleted: C:\WINDOWS\system32\dzsetup.dll
deleting: C:\WINDOWS\system32\f4j2le1o1h.dll
Successfully Deleted: C:\WINDOWS\system32\f4j2le1o1h.dll
deleting: C:\WINDOWS\system32\fxusd.dll
Successfully Deleted: C:\WINDOWS\system32\fxusd.dll
deleting: C:\WINDOWS\system32\h84m0ih1e84.dll
Successfully Deleted: C:\WINDOWS\system32\h84m0ih1e84.dll
deleting: C:\WINDOWS\system32\hiicons.dll
Successfully Deleted: C:\WINDOWS\system32\hiicons.dll
deleting: C:\WINDOWS\system32\hqetcfg.dll
Successfully Deleted: C:\WINDOWS\system32\hqetcfg.dll
deleting: C:\WINDOWS\system32\iadkcs32.dll
Successfully Deleted: C:\WINDOWS\system32\iadkcs32.dll
deleting: C:\WINDOWS\system32\iclp2res.dll
Successfully Deleted: C:\WINDOWS\system32\iclp2res.dll
deleting: C:\WINDOWS\system32\iGsrad.dll
Successfully Deleted: C:\WINDOWS\system32\iGsrad.dll
deleting: C:\WINDOWS\system32\iRshlpr.dll
Successfully Deleted: C:\WINDOWS\system32\iRshlpr.dll
deleting: C:\WINDOWS\system32\jesd400.dll
Successfully Deleted: C:\WINDOWS\system32\jesd400.dll
deleting: C:\WINDOWS\system32\kedtuq.dll
Successfully Deleted: C:\WINDOWS\system32\kedtuq.dll
deleting: C:\WINDOWS\system32\knymgr.dll
Successfully Deleted: C:\WINDOWS\system32\knymgr.dll
deleting: C:\WINDOWS\system32\ljcdll.dll
Successfully Deleted: C:\WINDOWS\system32\ljcdll.dll
deleting: C:\WINDOWS\system32\lwexpand.dll
Successfully Deleted: C:\WINDOWS\system32\lwexpand.dll
deleting: C:\WINDOWS\system32\m0nqla551d.dll
Successfully Deleted: C:\WINDOWS\system32\m0nqla551d.dll
deleting: C:\WINDOWS\system32\mccomput.dll
Successfully Deleted: C:\WINDOWS\system32\mccomput.dll
deleting: C:\WINDOWS\system32\mcrecr40.dll
Successfully Deleted: C:\WINDOWS\system32\mcrecr40.dll
deleting: C:\WINDOWS\system32\mfhgrcoi.dll
Successfully Deleted: C:\WINDOWS\system32\mfhgrcoi.dll
deleting: C:\WINDOWS\system32\mkrepl40.dll
Successfully Deleted: C:\WINDOWS\system32\mkrepl40.dll
deleting: C:\WINDOWS\system32\muglibnt.dll
Successfully Deleted: C:\WINDOWS\system32\muglibnt.dll
deleting: C:\WINDOWS\system32\mxswch.dll
Successfully Deleted: C:\WINDOWS\system32\mxswch.dll
deleting: C:\WINDOWS\system32\mzidntld.dll
Successfully Deleted: C:\WINDOWS\system32\mzidntld.dll
deleting: C:\WINDOWS\system32\n8p40i7qe8.dll
Successfully Deleted: C:\WINDOWS\system32\n8p40i7qe8.dll
deleting: C:\WINDOWS\system32\plrfts.dll
Successfully Deleted: C:\WINDOWS\system32\plrfts.dll
deleting: C:\WINDOWS\system32\qisname.dll
Successfully Deleted: C:\WINDOWS\system32\qisname.dll
deleting: C:\WINDOWS\system32\qmsname.dll
Successfully Deleted: C:\WINDOWS\system32\qmsname.dll
deleting: C:\WINDOWS\system32\qnsname.dll
Successfully Deleted: C:\WINDOWS\system32\qnsname.dll
deleting: C:\WINDOWS\system32\sjlsrv32.dll
Successfully Deleted: C:\WINDOWS\system32\sjlsrv32.dll
deleting: C:\WINDOWS\system32\thddd.dll
Successfully Deleted: C:\WINDOWS\system32\thddd.dll
deleting: C:\WINDOWS\system32\tod32.dll
Successfully Deleted: C:\WINDOWS\system32\tod32.dll
deleting: C:\WINDOWS\system32\vcajet32.dll
Successfully Deleted: C:\WINDOWS\system32\vcajet32.dll
deleting: C:\WINDOWS\system32\wwi.dll
Successfully Deleted: C:\WINDOWS\system32\wwi.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guards.tmp
Successfully Deleted: C:\WINDOWS\system32\guards.tmp

Desktop.ini sucessfully removed

Zipping up files for submission:
adding: aotodisc.dll (188 bytes security) (deflated 6%)
adding: cimdlg32.dll (188 bytes security) (deflated 5%)
adding: dcprov.dll (188 bytes security) (deflated 5%)
adding: dEdim700.dll (188 bytes security) (deflated 4%)
adding: dzsetup.dll (188 bytes security) (deflated 6%)
adding: f4j2le1o1h.dll (188 bytes security) (deflated 6%)
adding: fxusd.dll (188 bytes security) (deflated 4%)
adding: h84m0ih1e84.dll (188 bytes security) (deflated 6%)
adding: hiicons.dll (188 bytes security) (deflated 5%)
adding: hqetcfg.dll (188 bytes security) (deflated 6%)
adding: iadkcs32.dll (188 bytes security) (deflated 6%)
adding: iclp2res.dll (188 bytes security) (deflated 6%)
adding: iGsrad.dll (188 bytes security) (deflated 6%)
adding: iRshlpr.dll (188 bytes security) (deflated 5%)
adding: jesd400.dll (188 bytes security) (deflated 5%)
adding: kedtuq.dll (188 bytes security) (deflated 5%)
adding: knymgr.dll (188 bytes security) (deflated 6%)
adding: ljcdll.dll (188 bytes security) (deflated 5%)
adding: lwexpand.dll (188 bytes security) (deflated 5%)
adding: m0nqla551d.dll (188 bytes security) (deflated 4%)
adding: mccomput.dll (188 bytes security) (deflated 5%)
adding: mcrecr40.dll (188 bytes security) (deflated 4%)
adding: mfhgrcoi.dll (188 bytes security) (deflated 6%)
adding: mkrepl40.dll (188 bytes security) (deflated 4%)
adding: muglibnt.dll (188 bytes security) (deflated 5%)
adding: mxswch.dll (188 bytes security) (deflated 5%)
adding: mzidntld.dll (188 bytes security) (deflated 5%)
adding: n8p40i7qe8.dll (188 bytes security) (deflated 6%)
adding: plrfts.dll (188 bytes security) (deflated 5%)
adding: qisname.dll (188 bytes security) (deflated 5%)
adding: qmsname.dll (188 bytes security) (deflated 5%)
adding: qnsname.dll (188 bytes security) (deflated 6%)
adding: sjlsrv32.dll (188 bytes security) (deflated 6%)
adding: thddd.dll (188 bytes security) (deflated 6%)
adding: tod32.dll (188 bytes security) (deflated 4%)
adding: vcajet32.dll (188 bytes security) (deflated 6%)
adding: wwi.dll (188 bytes security) (deflated 5%)
adding: guard.tmp (188 bytes security) (deflated 4%)
adding: guards.tmp (188 bytes security) (deflated 6%)
adding: clear.reg (188 bytes security) (deflated 64%)
adding: echo.reg (188 bytes security) (deflated 6%)
adding: desktop.ini (188 bytes security) (deflated 13%)
adding: direct.txt (188 bytes security) (stored 0%)
adding: lo2.txt (188 bytes security) (deflated 86%)
adding: readme.txt (188 bytes security) (deflated 49%)
adding: report.txt (188 bytes security) (deflated 69%)
adding: test.txt (188 bytes security) (deflated 83%)
adding: test2.txt (188 bytes security) (deflated 45%)
adding: test3.txt (188 bytes security) (deflated 45%)
adding: test5.txt (188 bytes security) (deflated 45%)
adding: xfind.txt (188 bytes security) (deflated 78%)
adding: backregs/030547F2-24BE-4043-9DEE-821A644DE906.reg (188 bytes security) (deflated 70%)
adding: backregs/495E0911-02D5-4230-848E-97178DF4254D.reg (188 bytes security) (deflated 70%)
adding: backregs/58862208-8498-43C2-9847-7A54AFC98E74.reg (188 bytes security) (deflated 70%)
adding: backregs/588FA1A2-D813-4C0F-8FF0-3DAE990B0619.reg (188 bytes security) (deflated 70%)
adding: backregs/6A4DF576-44F5-4F78-8FBB-9D0F27D958A1.reg (188 bytes security) (deflated 70%)
adding: backregs/71781550-7373-4547-97B8-FD76A2BB90B7.reg (188 bytes security) (deflated 70%)
adding: backregs/847BB0EF-F987-4538-9797-02F7D2C75D4D.reg (188 bytes security) (deflated 70%)
adding: backregs/AC06C753-9A3A-43D3-AAFB-DFAFADBD6528.reg (188 bytes security) (deflated 70%)
adding: backregs/C2AE99D1-16B4-4759-A3A4-CD671B5BC64A.reg (188 bytes security) (deflated 70%)
adding: backregs/F2DD7343-382A-4511-9889-5A6F783DDB96.reg (188 bytes security) (deflated 70%)
adding: backregs/shell.reg (188 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

deleting local copy: aotodisc.dll
deleting local copy: cimdlg32.dll
deleting local copy: dcprov.dll
deleting local copy: dEdim700.dll
deleting local copy: dzsetup.dll
deleting local copy: f4j2le1o1h.dll
deleting local copy: fxusd.dll
deleting local copy: h84m0ih1e84.dll
deleting local copy: hiicons.dll
deleting local copy: hqetcfg.dll
deleting local copy: iadkcs32.dll
deleting local copy: iclp2res.dll
deleting local copy: iGsrad.dll
deleting local copy: iRshlpr.dll
deleting local copy: jesd400.dll
deleting local copy: kedtuq.dll
deleting local copy: knymgr.dll
deleting local copy: ljcdll.dll
deleting local copy: lwexpand.dll
deleting local copy: m0nqla551d.dll
deleting local copy: mccomput.dll
deleting local copy: mcrecr40.dll
deleting local copy: mfhgrcoi.dll
deleting local copy: mkrepl40.dll
deleting local copy: muglibnt.dll
deleting local copy: mxswch.dll
deleting local copy: mzidntld.dll
deleting local copy: n8p40i7qe8.dll
deleting local copy: plrfts.dll
deleting local copy: qisname.dll
deleting local copy: qmsname.dll
deleting local copy: qnsname.dll
deleting local copy: sjlsrv32.dll
deleting local copy: thddd.dll
deleting local copy: tod32.dll
deleting local copy: vcajet32.dll
deleting local copy: wwi.dll
deleting local copy: guard.tmp
deleting local copy: guards.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\aotodisc.dll
C:\WINDOWS\system32\cimdlg32.dll
C:\WINDOWS\system32\dcprov.dll
C:\WINDOWS\system32\dEdim700.dll
C:\WINDOWS\system32\dzsetup.dll
C:\WINDOWS\system32\f4j2le1o1h.dll
C:\WINDOWS\system32\fxusd.dll
C:\WINDOWS\system32\h84m0ih1e84.dll
C:\WINDOWS\system32\hiicons.dll
C:\WINDOWS\system32\hqetcfg.dll
C:\WINDOWS\system32\iadkcs32.dll
C:\WINDOWS\system32\iclp2res.dll
C:\WINDOWS\system32\iGsrad.dll
C:\WINDOWS\system32\iRshlpr.dll
C:\WINDOWS\system32\jesd400.dll
C:\WINDOWS\system32\kedtuq.dll
C:\WINDOWS\system32\knymgr.dll
C:\WINDOWS\system32\ljcdll.dll
C:\WINDOWS\system32\lwexpand.dll
C:\WINDOWS\system32\m0nqla551d.dll
C:\WINDOWS\system32\mccomput.dll
C:\WINDOWS\system32\mcrecr40.dll
C:\WINDOWS\system32\mfhgrcoi.dll
C:\WINDOWS\system32\mkrepl40.dll
C:\WINDOWS\system32\muglibnt.dll
C:\WINDOWS\system32\mxswch.dll
C:\WINDOWS\system32\mzidntld.dll
C:\WINDOWS\system32\n8p40i7qe8.dll
C:\WINDOWS\system32\plrfts.dll
C:\WINDOWS\system32\qisname.dll
C:\WINDOWS\system32\qmsname.dll
C:\WINDOWS\system32\qnsname.dll
C:\WINDOWS\system32\sjlsrv32.dll
C:\WINDOWS\system32\thddd.dll
C:\WINDOWS\system32\tod32.dll
C:\WINDOWS\system32\vcajet32.dll
C:\WINDOWS\system32\wwi.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guards.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{71781550-7373-4547-97B8-FD76A2BB90B7}"=-
"{AC06C753-9A3A-43D3-AAFB-DFAFADBD6528}"=-
"{C2AE99D1-16B4-4759-A3A4-CD671B5BC64A}"=-
"{495E0911-02D5-4230-848E-97178DF4254D}"=-
"{6A4DF576-44F5-4F78-8FBB-9D0F27D958A1}"=-
"{847BB0EF-F987-4538-9797-02F7D2C75D4D}"=-
"{58862208-8498-43C2-9847-7A54AFC98E74}"=-
"{F2DD7343-382A-4511-9889-5A6F783DDB96}"=-
"{588FA1A2-D813-4C0F-8FF0-3DAE990B0619}"=-
"{030547F2-24BE-4043-9DEE-821A644DE906}"=-
[-HKEY_CLASSES_ROOT\CLSID\{71781550-7373-4547-97B8-FD76A2BB90B7}]
[-HKEY_CLASSES_ROOT\CLSID\{AC06C753-9A3A-43D3-AAFB-DFAFADBD6528}]
[-HKEY_CLASSES_ROOT\CLSID\{C2AE99D1-16B4-4759-A3A4-CD671B5BC64A}]
[-HKEY_CLASSES_ROOT\CLSID\{495E0911-02D5-4230-848E-97178DF4254D}]
[-HKEY_CLASSES_ROOT\CLSID\{6A4DF576-44F5-4F78-8FBB-9D0F27D958A1}]
[-HKEY_CLASSES_ROOT\CLSID\{847BB0EF-F987-4538-9797-02F7D2C75D4D}]
[-HKEY_CLASSES_ROOT\CLSID\{58862208-8498-43C2-9847-7A54AFC98E74}]
[-HKEY_CLASSES_ROOT\CLSID\{F2DD7343-382A-4511-9889-5A6F783DDB96}]
[-HKEY_CLASSES_ROOT\CLSID\{588FA1A2-D813-4C0F-8FF0-3DAE990B0619}]
[-HKEY_CLASSES_ROOT\CLSID\{030547F2-24BE-4043-9DEE-821A644DE906}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{29BFE426-A96A-4461-889E-EDB279CF46AA}</IDone>
<IDtwo>DS3</IDtwo>
<VERSION>200</VERSION>
****************************************************************************

=====================================================
Here is my hijack log
Logfile of HijackThis v1.99.1
Scan saved at 9:39:04 PM, on 4/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\HPConfig.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\COMMON~1\AOL\110424~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110424~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104246225\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101351279386
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://wellnesscam1....sCamControl.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


#17
coachwife6

How is it running?

#18
BigRed44

Well, my laptop is still a little screwed up. The pop-ups are gone, but I cannot access IE when I am connected to the internet (AOL). It used to be that as long as I was connected I could use IE or Firefox. Also, my boot time is 10x longer than it used to be. Is this the fault of SP2 or is there a problem?

Thanks

#19
coachwife6

Give me a new HijackThis log.

#20
BigRed44

Here you go.
Thanks for your time

Logfile of HijackThis v1.99.1
Scan saved at 3:47:43 PM, on 4/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\HPConfig.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\S3tray2.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\COMMON~1\AOL\110424~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110424~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104246225\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101351279386
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://wellnesscam1....sCamControl.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5243FFA4-3248-43C1-ABEB-A3CA55717E4E}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
  • 0

#21
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I can't find anything obviously wrong with your log. We'll try the simple things first.

"I cannot access IE when I am connected to the internet (AOL)."


Read the following:

http://support.acade...ic/acdm5128.htm

Please scan your system with Ad-aware:
Ad-aware SE - Download - Home Page
  • If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
  • After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
  • Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
  • Once the definitions have been updated:
  • Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • "Automatically quarantine objects prior to removal"
      • Safe Mode (always request confirmation)
      • Prompt to update outdated confirmation) - Change to 7 days.
    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives"
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Shell Integration", select "Move deleted files to Recycle Bin".
    • Under "Log-file detail", select all options.
    • Click on the "Defaults" button on the left.
    • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
      • "Unload recognized processes during scanning."
      • "Obtain command line of scanned processes"
      • "Scan registry for all users instead of current user only"
    • Under "Cleaning Engine", select the following:
      • "Automatically try to unregister objects prior to deletion."
      • "During removal, unload explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot."
      • "Delete quarantined objects after restoring"
    • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".
  • Close all programs except ad-aware.
  • Click on "Next" in the bottom right corner to start the scan.
  • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.


Download the free VX2 Cleaner here
  • Close Ad-Aware SE build 1.05 and Ad-Watch (if running)
  • Install the VX2 Cleaner
  • Start Ad-Aware SE build 1.05
  • Go to “Plug-ins”
  • Select the VX2 Cleaner plug-in and click “Run Plugin”
  • If your computer isn't infected, click "close"
  • If your computer is infected:
    • Select “Clean System”
    • Reboot your computer
    • Scan your computer with Ad-Aware
    • Remove any VX2 objects detected
    • Reboot your computer again
    • Run a second scan to make sure the files have been removed from your computer

Please delete your temporary files. Double-click My Computer (WinXP: navigate to Start ---> My Computer). You will see an icon representing your hard drive (most likely the C: drive). Right-click on the hard drive icon and click Properties at the bottom of the fly-out window. On the very first tab (General) you will see a button labeled "Disk Cleanup"; click that button.
Make sure the following are checked:
  • Downloaded Program Files
  • Temporary Internet Files
  • Recycle Bin

Click OK and Disk Cleanup will delete those files for you.

If you would please, rescan with HijackThis and post a fresh log in this same topic.
  • 0

#22
BigRed44

BigRed44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I figured out what was wrong with AOL: my firewall was blocking a .rtm or something like that. I changed the settings and it works now.
  • 0

#23
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
So, everything is working fine? :tazz:
  • 0

#24
BigRed44

BigRed44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ya, everything seems to be fine, except that its boot-up is slow. But it is OK; I am going to get a new laptop in the summer anyway.

Thanks for your help and time
This forum is a great resource
  • 0

#25
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
You have a lot of unnecessary processes in your start-up. You can go to www.answersthatwork.com and see what is necessary and what is not.

The O4s are the processes that start up when you boot the computer. Go to Answers That Work and look at this, for example:

S3tray2.exe

This program runs the Windows System Tray, which is that part of the Task Bar where the Time is displayed.  The System Tray is often used by other installed programs for their icons to be displayed in it.
Recommendation : Leave untouched.



O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104246225\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
  • 0
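The O4 startup review described in the post above can be scripted. This is an added example, not part of the thread and not HijackThis code: it parses O4 and O23 lines and lists the entries that need a manual look before they are judged necessary or not. The function names are hypothetical and the line formats are assumed from the log posted in this thread.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
"""

RUN_RE = re.compile(r"^O4 - (?P<where>(?:HKLM|HKCU)\\\.\.\\Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s|$)', re.I)

def parse_line(line):
    """Return a dict for an O4/O23 line, or None for any other line."""
    for kind, rx in (("O4", RUN_RE), ("O4", STARTUP_RE), ("O23", SERVICE_RE)):
        m = rx.match(line.strip())
        if m:
            entry = {"kind": kind, **m.groupdict()}
            exe = EXE_RE.match(entry["cmd"])  # strip quotes and arguments
            entry["exe"] = exe.group("exe") if exe else entry["cmd"]
            return entry
    return None

def review_notes(entry):
    """Reasons an entry needs a manual look before it is kept or disabled."""
    notes = []
    if not re.match(r"^[A-Za-z]:\\", entry["exe"]):
        notes.append("no full path: confirm which file on disk this name resolves to")
    if re.search(r"~\d", entry["exe"]):
        notes.append("8.3 short name: expand to the long path before looking it up")
    if entry["cmd"].endswith("(file missing)"):
        notes.append("target file missing: orphaned entry")
    if entry.get("owner") == "Unknown owner":
        notes.append("vendor name could not be read from the file")
    return notes

def triage(log_text):
    """Map entry name -> review notes for each O4/O23 entry that has any."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return {e["name"]: review_notes(e) for e in entries if review_notes(e)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Entries with a full, long path and a readable vendor (the AOL and ZoneAlarm lines in the sample) produce no notes and can be looked up by file name directly.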
