Can't browse Windows Folders [RESOLVED]


#31
mrblue
Member
  • Topic Starter
  • 125 posts
Well, I managed to clear my hosts file using the firewall application before your post.

However, I did as you suggested. I disabled all my real-time protection then ran the scan. IT ONLY TOOK 2 MINUTES!!

I did check "scan for rootkits" as well before I ran the scan.

I shall attach the notepad results here....

#32
harrythook
Trusted Helper
  • Retired Staff
  • 2,618 posts
Good morning mrblue,
Slight problem with your output there: please open Notepad and make sure Word Wrap is not checked.
(Top toolbar in Notepad: click Format, click Word Wrap, no check there.)

The text should look like this:
WinPFind35 logfile created on: 2008-02-26 06:37:10
WinPFind35U Version 1.0.0.0	 Folder = C:\Documents and Settings\Harry\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd


Post back and I will look at it :)

Harry

#33
mrblue
Harry

Wordwrap wasn't checked!! I'll try again.

#34
mrblue
No, same thing again. This time I'll try WORDPAD instead of NOTEPAD.

#35
mrblue
Nope, still the same. Shall I do it in Word? It looks ok on the screen, but when it uploads it, it changes.

Regards

#36
harrythook
Hey mrblue,
it's not a problem on your end, I am working on it.

Harry

#37
harrythook
Ok mrblue,
I looked over the log and did not find anything that might be causing this problem. One last ComboFix scan, but this time we are going to disable TeaTimer.
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Next load Combo again, let it overwrite if needed. Same instructions as before:
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Harry

#38
mrblue
Hi Harry

I've got a sneaky suspicion we're not going to find the problem here. I only loaded Teatimer recently, when I upgraded to a new version of Spybot S+D (1.5.2). When I did the original Combofix scans I DID NOT have Teatimer running.

Nevertheless, I shall follow your instructions and post the logs again.

Regards

#39
mrblue
ok Harry

Here's the Combofix log:


ComboFix 08-02-25.3 - Kevin 2008-02-28 22:20:19.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.412 [GMT 0:00]
Running from: C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\5102C74H\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-24 19:04 . 2008-02-24 19:04 <DIR> d-------- C:\_OTMoveIt
2008-02-16 20:08 . 2008-02-16 20:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 17:05 . 2008-02-16 17:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-16 16:19 . 2008-02-16 16:16 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-16 16:19 . 2008-02-16 16:19 3,446 --a------ C:\WINDOWS\unins000.dat
2008-02-16 13:35 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-16 13:18 . 2008-02-16 13:18 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-16 13:18 . 2008-02-16 13:18 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-15 19:50 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-02-15 19:49 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-15 19:48 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-02-15 19:47 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-15 19:46 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-15 19:45 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-02-15 19:44 . 2003-03-31 12:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-15 19:44 . 2003-03-31 12:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
2008-02-15 19:44 . 2003-03-31 12:00 111,104 --a--c--- C:\WINDOWS\system32\dllcache\mtstocom.exe
2008-02-15 19:44 . 2001-08-17 12:50 103,296 --a--c--- C:\WINDOWS\system32\dllcache\mtxvideo.sys
2008-02-15 19:44 . 2003-03-31 12:00 98,304 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.dll
2008-02-15 19:44 . 2004-08-04 07:09 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-02-15 19:44 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-02-15 19:44 . 2004-08-04 07:00 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-02-15 19:44 . 2001-08-17 13:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2008-02-15 19:44 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-02-15 19:44 . 2001-08-17 14:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-02-15 19:42 . 2003-03-31 12:00 315,452 --a--c--- C:\WINDOWS\system32\dllcache\imskf.dll
2008-02-15 19:41 . 2003-03-31 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-15 19:40 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-15 19:39 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-15 19:38 . 2001-08-17 22:36 614,429 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe
2008-02-15 19:37 . 2003-03-31 12:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-15 19:36 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-02-15 19:35 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-02-15 19:34 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-02-10 22:57 . 2008-02-11 22:24 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\AVG7
2008-02-10 22:56 . 2008-02-10 22:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-10 22:56 . 2008-02-10 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 22:56 . 2008-02-16 09:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-09 20:45 . 2008-02-09 20:45 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Tenebril
2008-02-09 20:36 . 2008-02-09 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2008-02-09 20:32 . 2008-02-09 20:32 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2008-02-09 20:32 . 2005-10-12 23:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2008-02-09 19:25 . 2008-02-09 19:25 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Ringjacker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 07:28 --------- d-----w C:\Documents and Settings\Kevin\Application Data\MailWasherPro
2008-02-28 07:23 --------- d-----w C:\Program Files\eSignal
2008-02-28 07:18 --------- d-----w C:\Documents and Settings\Kevin\Application Data\OnlineArmor
2008-02-27 22:55 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Skype
2008-02-25 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 20:25 --------- d-----w C:\Documents and Settings\Kevin\Application Data\skypePM
2008-02-22 23:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-20 07:42 --------- d-----w C:\Program Files\Lx_cats
2008-02-16 14:19 --------- d-----w C:\Program Files\Qlock
2008-02-16 14:12 --------- d-----w C:\Program Files\MailWasher
2008-02-16 14:12 --------- d-----w C:\Program Files\Lexmark 5400 Series
2008-02-09 20:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-20 10:10 --------- d-----w C:\Program Files\Google
2008-01-10 23:54 921,632 ----a-w C:\PA7311.DAT
2008-01-09 23:36 30,601 ----a-w C:\Documents and Settings\Kevin\x.exe
2007-12-22 09:51 557,056 ----a-w C:\Documents and Settings\Kevin\GoToAssist_phone__306_en.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 11:32 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-16 19:29 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-12-02 02:05 557,056 ----a-w C:\Documents and Settings\Kevin\chatlnk.exe
2006-08-14 15:20 4,334 ----a-w C:\Program Files\Deploy4.log
2006-06-22 20:51 131,072 ----a-w C:\Documents and Settings\All Users\mapi32.dll
2006-02-13 12:08 138 ----a-w C:\Program Files\INSTALL.LOG
2006-02-12 23:31 37 ------w C:\Documents and Settings\Kevin Ford\getfile.dat
2005-06-16 11:08 4,121 ----a-w C:\Program Files\Deploy3.log
2005-02-22 20:13 3,669 ----a-w C:\Program Files\Deploy2.log
2005-01-03 13:35 3,930 ----a-w C:\Program Files\Deploy.log
2003-08-27 14:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-19 21:00 335872]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-11-20 15:19 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-20 15:18 499712]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-12-02 00:36 94208]
"SonyPowerCfg"="C:\Program Files\sony\vaio power management\SPMgr.exe" [2003-10-24 17:21 167936]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-21 19:27 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Motive SmartBridge"="C:\PROGRA~1\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe" [2006-02-06 18:52 462935]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 12:27 106496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-10 22:56 579072]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 07:51 5029952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 22:56 219136]

C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\MailWasher\MailWasher.exe [2007-12-20 09:23:27 5541888]
qlock.lnk - C:\Program Files\Qlock\qlock.exe [2006-03-20 09:04:32 4070912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-16 07:50 633344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
C:\Program Files\btbb_wcm\McciTrayApp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 00:06]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 06:37]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 00:06]
R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2007-11-16 07:51]
R3 hexmagic;hexmagic;C:\WINDOWS\system32\drivers\hexmagic.sys []
R3 PAC7311;Phenix-Q8;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 10:48]
S3 PPDrv;Protector Plus Driver (UnRegistered);C:\Protector Plus\PPDrv.sys []
S3 PPEMSCAN;Protector Plus Email Scan Driver;C:\Protector Plus\PPEMSCAN.sys []
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 12:22]

*Newly Created Service* - HEXMAGIC
.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 22:57:20 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 22:27:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-28 22:29:16
ComboFix2.txt 2008-02-20 20:08:54
.
2008-02-13 10:16:07 --- E O F ---





and here's the HJT log.....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:40, on 28/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\PROGRA~1\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\Program Files\Qlock\qlock.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kevin\Desktop\mobmeter.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bloomberg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bloomberg.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BT Home Hub\Help\SmartBridge\BTHelpNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} -
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6B78B13A-6E99-4588-8EAB-C2399B202022} (iVocalize Web Conference 4 Setup) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in 1.4.2_01) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...ent1.7.20.5.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - http://zone.msn.com/...on.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe

--
End of file - 8254 bytes



Regards

#40
mrblue
hmmmmm..... strange.

The problem was still evident after the Combofix and Hijackthis.

However, I updated my Spybot S+D, and ran a check. It found 1 problem called "RegistrySmart" which I fixed. (It normally doesn't ever find anything). The problem seems to have gone so far. I've rebooted the machine twice and all is ok. We'll see if it's ok in the morning.

One strange thing, I can normally double-click on the Online Armor (my firewall) icons in the system tray to bring up the configuration window. Now when I double-click (or right click) nothing happens!! So I don't seem to be able to access the window for it. If this persists I'll try to uninstall it and then re-install it again.

regards
#41
harrythook

> hmmmmm..... strange.
> We'll see if it's ok in the morning.


I will wait and see, let me know :)

Harry

#42
mrblue
Well, I'm very very surprised!!! The problem seems to have disappeared!!!

Spybot S+D has just gone up in my estimation!!!!

I shall follow the instructions to uninstall Combofix later, and uninstall and re-install my firewall.

Fingers crossed, Spybot S+D has fixed it!!!


Thanks for all your efforts Harry!


Regards

#43
harrythook

> Well, I'm very very surprised!!! The problem seems to have disappeared!!!


Sounds good there mrblue :)
I am closing this topic, continue to monitor performance and give me a call if needed!
Written by one of the best, check out the recommended prevention methods HERE

You did a good job there :)

Harry

#44
harrythook
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.