DLL UMonitor problems [resolved]



#1
woodjay

Happy New Year, I am extremely happy to have found your site and am a first-time poster. I have the same problem as a number of posters, that is the "An exception occurred while trying to run "C:\Windows\system32\xxxxxxxx.dll, UMonitor"" error message whenever I start up. The file is always a dll and usually has eight characters including some numbers. When I go to system32 to try and delete the file it will not delete, and when I shut down and restart in safe mode the file has disappeared. There are a number of dlls appearing in the system32 directory, with similar names, all 218kb. I have just noticed that guard.tmp has created itself in my system32 directory as I have just restarted the computer.
I have done a scan with Adaware, and when I tell it to delete the files found it does this, but at the same time the icons on the desktop disappear for a few seconds; they return and at the same time "my documents" opens.
Spy Sweeper has found an application called AAW located in HKLM: run Once, but cannot remove it, it seems to spawn itself.
On occasions when I put stuff into the recycle bin the files just disappear, and also occasionally Norton Internet Security Professional and Norton Anti-Virus shut themselves down without letting me know. I also have a red "attention" against Norton Anti Virus in the System Status screen of NISP; when I click on "detailed status" it tells me everything is fine. Are all these things connected?
My HJT log is below
Logfile of HijackThis v1.98.2
Scan saved at 18:04:37, on 04/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
D:\TotalRecorder\TotRecSched.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\T-ONLINE\BSW4\ToADiMon.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
D:\WINDOWS\MXOALDR.EXE
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Microsoft FactFinder\ff.exe
D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
D:\Palm\HOTSYNC.EXE
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\WINDOWS\system32\rundll32.exe
C:\unzipped\hijackthis\HijackThis.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Symantec Shared\NMain.exe
D:\Program Files\Common Files\Symantec Shared\NMain.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Agent] D:\Program Files\Medion\PowerVCR II\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] D:\Program Files\Medion\PowerVCR II\RemoteAgent.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [USB SECURITY DEVICE CoInstaller] JupitCo.exe
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [mmtask] D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "D:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] D:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ToADiMon.exe] D:\T-ONLINE\BSW4\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MaxtorOneTouch] D:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] D:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVD43] D:\Program Files\DVD Region+CSS Free\DVD43.exe /hidden
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [tcactive] D:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [FactFinder] D:\Program Files\Microsoft FactFinder\ff.exe /s
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: HotSync Manager.LNK = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\Msjava.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - D:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.liverpoolfc.tv
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - https://stores.music...NugsActiveX.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0659AB9-B491-4447-BA2C-777EB6DDF795}: NameServer = 62.27.27.62 62.27.53.66

Any advice/help would be gratefully received


#2
woodjay

Here are the logs for Giant AntiSpyware

04/01/2005 18:34:03::------------------------------------------------------------------
04/01/2005 18:34:03::Initializing Clean - (ScanID: 0E4FF05A-6E54-4ED4-9928-A949D6)
04/01/2005 18:34:03::Clean Threat Possible Browser Hijack (ID:14831)
04/01/2005 18:34:04::Terminating IE
04/01/2005 18:34:04::Run custom cleaner Internet Explorer SearchAssistant: (148311)
04/01/2005 18:34:04::Restore IE URL settings
04/01/2005 18:34:04::Clean Threat Possible Browser Hijack (ID:14831) Complete
04/01/2005 18:34:04::Unititializing Clean
04/01/2005 18:34:04::------------------------------------------------------------------


429::ln 0:ActiveX component can't create object::gcASThreatAudit:modGeneticFingerPrints:IsFileFingerPrintThreat::04/01/2005 18:14:52:1.0.247

Adaware Log to follow

#3
coachwife6

Your log doesn't look bad, but you downloaded an old version of Hijack This. I don't need the Adaware log. Click in my signature for the newest version of Hijack This making sure you install it over the old version. Run it and post a new log.

#4
woodjay

Here is the Adaware logfile, is there anything else you need?
Thanks in advance for any help you can offer


Ad-Aware SE Build 1.05
Logfile Created on:04 January 2005 18:35:36
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R24 29.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):52 total references
Tracking Cookie(TAC index:3):1 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


04/01/2005 18:35:36 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 844
ThreadCreationTime : 04/01/2005 16:32:55
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\D:\WINDOWS\system32\
ProcessID : 952
ThreadCreationTime : 04/01/2005 16:33:06
BasePriority : High


VX2 Object Recognized!
Type : Process
Data : hr4205hoe.dll
Category : Malware
Comment : (CSI MATCH)
Object : D:\WINDOWS\system32\


Warning! VX2 Object found in memory(D:\WINDOWS\system32\hr4205hoe.dll)


#:3 [services.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 996
ThreadCreationTime : 04/01/2005 16:33:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1008
ThreadCreationTime : 04/01/2005 16:33:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1168
ThreadCreationTime : 04/01/2005 16:33:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 1292
ThreadCreationTime : 04/01/2005 16:33:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [incdsrv.exe]
FilePath : D:\Program Files\Ahead\InCD\
ProcessID : 1316
ThreadCreationTime : 04/01/2005 16:33:12
BasePriority : Normal
FileVersion : 4, 3, 0, 5
ProductVersion : 4, 3, 0, 5
ProductName : Ahead Software AG incdsrv
CompanyName : Ahead Software AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : incdsrv.exe

#:8 [spoolsv.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 1656
ThreadCreationTime : 04/01/2005 16:33:13
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:9 [ccproxy.exe]
FilePath : D:\Program Files\Common Files\Symantec Shared\
ProcessID : 1868
ThreadCreationTime : 04/01/2005 16:33:19
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:10 [ccsetmgr.exe]
FilePath : D:\Program Files\Common Files\Symantec Shared\
ProcessID : 1900
ThreadCreationTime : 04/01/2005 16:33:19
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:11 [navapsvc.exe]
FilePath : D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\
ProcessID : 1944
ThreadCreationTime : 04/01/2005 16:33:19
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:12 [nprotect.exe]
FilePath : D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\
ProcessID : 2004
ThreadCreationTime : 04/01/2005 16:33:20
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:13 [nvsvc32.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 212
ThreadCreationTime : 04/01/2005 16:33:28
BasePriority : Normal
FileVersion : 6.13.10.3150
ProductVersion : 6.13.10.3150
ProductName : NVIDIA Driver Helper Service, Version 31.50
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 31.50
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:14 [savscan.exe]
FilePath : D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\
ProcessID : 348
ThreadCreationTime : 04/01/2005 16:33:28
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:15 [sndsrvc.exe]
FilePath : D:\Program Files\Common Files\Symantec Shared\
ProcessID : 412
ThreadCreationTime : 04/01/2005 16:33:28
BasePriority : Normal
FileVersion : 5.4.3.11
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:16 [svchost.exe]
FilePath : D:\WINDOWS\System32\
ProcessID : 468
ThreadCreationTime : 04/01/2005 16:33:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [symlcsvc.exe]
FilePath : D:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 528
ThreadCreationTime : 04/01/2005 16:33:29
BasePriority : Normal
FileVersion : 1, 8, 48, 77
ProductVersion : 1, 8, 48, 77
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:18 [ccevtmgr.exe]
FilePath : D:\Program Files\Common Files\Symantec Shared\
ProcessID : 648
ThreadCreationTime : 04/01/2005 16:33:29
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:19 [symwsc.exe]
FilePath : D:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 692
ThreadCreationTime : 04/01/2005 16:33:30
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:20 [hpgs2wnd.exe]
FilePath : D:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 2944
ThreadCreationTime : 04/01/2005 16:33:53
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:21 [soundman.exe]
FilePath : D:\WINDOWS\
ProcessID : 2968
ThreadCreationTime : 04/01/2005 16:33:53
BasePriority : Normal
FileVersion : 5.0.12
ProductVersion : 5.0.12
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2002 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:22 [hpgs2wnf.exe]
FilePath : D:\PROGRA~1\HEWLET~1\HPSHAR~1\
ProcessID : 2992
ThreadCreationTime : 04/01/2005 16:33:54
BasePriority : Normal
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:23 [mmtask.exe]
FilePath : D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 3028
ThreadCreationTime : 04/01/2005 16:33:54
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:24 [totrecsched.exe]
FilePath : D:\TotalRecorder\
ProcessID : 3064
ThreadCreationTime : 04/01/2005 16:33:54
BasePriority : Normal
FileVersion : 4, 4, 0, 1
ProductVersion : 4, 4, 0, 1
ProductName : Total Recorder
CompanyName : High Criteria inc.
FileDescription : Total Recorder scheduler
InternalName : TotRecSched
LegalCopyright : Copyright © High Criteria inc.,1998-2003
OriginalFilename : TotRecSched.exe

#:25 [ccapp.exe]
FilePath : D:\Program Files\Common Files\Symantec Shared\
ProcessID : 3096
ThreadCreationTime : 04/01/2005 16:33:54
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:26 [toadimon.exe]
FilePath : D:\T-ONLINE\BSW4\
ProcessID : 3180
ThreadCreationTime : 04/01/2005 16:33:55
BasePriority : Normal
FileVersion : 1.07.10
ProductVersion : 1.00
ProductName : Marmiko IT-Solutions GmbH DialAssistent Component
CompanyName : Marmiko IT-Solutions GmbH
FileDescription : T-Online Verbindungsassistent
InternalName : ToADiMon
LegalCopyright : Copyright © Marmiko IT-Solutions GmbH 2000, 2001
OriginalFilename : ToADiMon.EXE

#:27 [point32.exe]
FilePath : D:\Program Files\Microsoft IntelliPoint\
ProcessID : 3308
ThreadCreationTime : 04/01/2005 16:33:55
BasePriority : Normal


#:28 [qttask.exe]
FilePath : D:\Program Files\QuickTime\
ProcessID : 3344
ThreadCreationTime : 04/01/2005 16:33:55
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:29 [onetouch.exe]
FilePath : D:\PROGRA~1\Maxtor\OneTouch\Utils\
ProcessID : 3400
ThreadCreationTime : 04/01/2005 16:33:55
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : Maxtor OneTouch
CompanyName : Maxtor
FileDescription : Maxtor OneTouch Detection
InternalName : ComboButton
LegalCopyright : Copyright © 2003 Maxtor Corp.
OriginalFilename : OneTouch.EXE

#:30 [mxoaldr.exe]
FilePath : D:\WINDOWS\
ProcessID : 3468
ThreadCreationTime : 04/01/2005 16:33:56
BasePriority : Normal
FileVersion : 6.00.1010.0
ProductVersion : 6.00.1010.0
ProductName : MXO Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Maxtor MXO Auto Loader Application
InternalName : MXOALDR.EXE
LegalCopyright : Copyright © 1998-2002 Cypress Semiconductor
OriginalFilename : MXOALDR.EXE

#:31 [jusched.exe]
FilePath : D:\Program Files\Java\j2re1.4.2_06\bin\
ProcessID : 3500
ThreadCreationTime : 04/01/2005 16:33:56
BasePriority : Normal


#:32 [msnappau.exe]
FilePath : D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\
ProcessID : 3528
ThreadCreationTime : 04/01/2005 16:33:56
BasePriority : Normal


#:33 [realsched.exe]
FilePath : D:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3548
ThreadCreationTime : 04/01/2005 16:33:57
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:34 [lvcomsx.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 3564
ThreadCreationTime : 04/01/2005 16:33:57
BasePriority : Normal
FileVersion : 8.3.0.1096
ProductVersion : 8.3.0.1096
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:35 [logitray.exe]
FilePath : D:\Program Files\Logitech\Video\
ProcessID : 3620
ThreadCreationTime : 04/01/2005 16:33:57
BasePriority : Normal
FileVersion : 8.3.0.1098
ProductVersion : 8.3.0.1098
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:36 [incd.exe]
FilePath : D:\Program Files\Ahead\InCD\
ProcessID : 3628
ThreadCreationTime : 04/01/2005 16:33:57
BasePriority : Normal
FileVersion : 4, 3, 0, 5
ProductVersion : 4, 3, 0, 5
ProductName : Ahead Software AG InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : InCD.exe

#:37 [ituneshelper.exe]
FilePath : D:\Program Files\iTunes\
ProcessID : 3656
ThreadCreationTime : 04/01/2005 16:33:58
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:38 [gcasserv.exe]
FilePath : D:\Program Files\GIANT Company Software\GIANT AntiSpyware\
ProcessID : 3664
ThreadCreationTime : 04/01/2005 16:33:58
BasePriority : Idle
FileVersion : 1.00.0349
ProductVersion : 1.00.0349
ProductName : GIANT AntiSpyware Service
CompanyName : GIANT Company Software inc.
FileDescription : GIANT AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2001-2004, GIANT Company Software Inc. All rights reserved.
LegalTrademarks : GIANT Company, GIANT Company Software, GIANT AntiSpyware, SpyNet are trademarks of GIANT Company Software inc.
OriginalFilename : gcasServ.exe
Comments : GIANT AntiSpyware created by GIANT Company Software inc.

#:39 [ipodservice.exe]
FilePath : D:\Program Files\iPod\bin\
ProcessID : 3832
ThreadCreationTime : 04/01/2005 16:33:59
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:40 [spysweeper.exe]
FilePath : D:\Program Files\Webroot\Spy Sweeper\
ProcessID : 3904
ThreadCreationTime : 04/01/2005 16:33:59
BasePriority : Normal
FileVersion : 3.5.0.189
ProductVersion : 3.5
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2004 Webroot Software, Inc.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.

#:41 [acrotray.exe]
FilePath : D:\Program Files\Adobe\Acrobat 5.0\Distillr\
ProcessID : 3988
ThreadCreationTime : 04/01/2005 16:34:00
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:42 [spysub.exe]
FilePath : C:\Program Files\InterMute\SpySubtract\
ProcessID : 4088
ThreadCreationTime : 04/01/2005 16:34:03
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:43 [wzqkpick.exe]
FilePath : D:\Program Files\WinZip\
ProcessID : 248
ThreadCreationTime : 04/01/2005 16:34:03
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:44 [gcasdtserv.exe]
FilePath : D:\Program Files\GIANT Company Software\GIANT AntiSpyware\
ProcessID : 336
ThreadCreationTime : 04/01/2005 16:34:04
BasePriority : Normal
FileVersion : 1.00.0411
ProductVersion : 1.00.0411
ProductName : GIANT AntiSpyware
CompanyName : GIANT Company Software inc.
FileDescription : GIANT AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2001-2004, GIANT Company Software Inc. All rights reserved.
LegalTrademarks : GIANT Company, GIANT Company Software, GIANT AntiSpyware, SpyNet are trademarks of GIANT Company Software inc.
OriginalFilename : gcasDtServ.exe
Comments : GIANT AntiSpyware created by GIANT Company Software inc.

#:45 [hotsync.exe]
FilePath : D:\Palm\
ProcessID : 548
ThreadCreationTime : 04/01/2005 16:34:04
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:46 [fxsvr2.exe]
FilePath : D:\Program Files\Logitech\Video\
ProcessID : 2456
ThreadCreationTime : 04/01/2005 16:34:30
BasePriority : Normal
FileVersion : 8.3.0.1098
ProductVersion : 8.3.0.1098
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : QuickCam Framework Server
InternalName : FxSvr.EXE
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : FxSvr.EXE

#:47 [giantantispywaremain.exe]
FilePath : D:\Program Files\GIANT Company Software\GIANT AntiSpyware\
ProcessID : 572
ThreadCreationTime : 04/01/2005 17:11:48
BasePriority : Normal
FileVersion : 1.00.0301
ProductVersion : 1.00.0301
ProductName : GIANT AntiSpyware
CompanyName : GIANT Company Software, inc.
FileDescription : GIANT AntiSpyware
InternalName : GIANTAntiSpywareMain
LegalCopyright : Copyright © 2001-2004, GIANT Company Software Inc. All rights reserved.
LegalTrademarks : GIANT Company, GIANT Company Software, GIANT AntiSpyware, SpyNet are trademarks of GIANT Company Software inc. All rights reserved.
OriginalFilename : GIANTAntiSpywareMain.exe
Comments : GIANT AntiSpyware created by GIANT Company Software inc.

#:48 [ad-aware.exe]
FilePath : D:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2076
ThreadCreationTime : 04/01/2005 17:18:55
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:49 [explorer.exe]
FilePath : D:\WINDOWS\
ProcessID : 812
ThreadCreationTime : 04/01/2005 17:27:14
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:50 [hh.exe]
FilePath : D:\WINDOWS\
ProcessID : 1000
ThreadCreationTime : 04/01/2005 17:32:15
BasePriority : Normal
FileVersion : 5.2.3790.1159 (dnsrv.040209-1620)
ProductVersion : 5.2.3790.1159
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.41
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HH.exe

#:51 [notepad.exe]
FilePath : D:\WINDOWS\system32\
ProcessID : 2508
ThreadCreationTime : 04/01/2005 17:34:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\office\10.0\publisher\recent file list
Description : list of recent files used by microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\office\10.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\adobe\adobe acrobat\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe acrobat


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\ahead\nero wave editor\recent file list
Description : list of recently used files in nero wave editor


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv
Description : file conversion location settings in musicmatch jukebox


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-842925246-1326574676-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : D:\Documents and Settings\woodjay\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : D:\Documents and Settings\woodjay\recent
Description : list of recently opened documents



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 53



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 53


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : woodjay@cgi-bin[1].txt
Category : Data Miner
Comment :
Value : D:\Documents and Settings\woodjay\Local Settings\Temp\Cookies\woodjay@cgi-bin[1].txt

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 54


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 54


Scanning Hosts file......
Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
690 entries scanned.
New critical objects:0
Objects found so far: 54




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 55

19:06:00 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:30:24.250
Objects scanned:195259
Objects identified:2
Objects ignored:0
New critical objects:2

#5
woodjay

Apologies, didn't see your post before I put on the Adaware log.
Here is the new HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 19:34:25, on 04/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
D:\TotalRecorder\TotRecSched.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\T-ONLINE\BSW4\ToADiMon.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
D:\WINDOWS\MXOALDR.EXE
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
D:\Palm\HOTSYNC.EXE
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\rundll32.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - D:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Agent] D:\Program Files\Medion\PowerVCR II\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] D:\Program Files\Medion\PowerVCR II\RemoteAgent.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [USB SECURITY DEVICE CoInstaller] JupitCo.exe
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [mmtask] D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "D:\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] D:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ToADiMon.exe] D:\T-ONLINE\BSW4\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MaxtorOneTouch] D:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] D:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVD43] D:\Program Files\DVD Region+CSS Free\DVD43.exe /hidden
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [tcactive] D:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [FactFinder] D:\Program Files\Microsoft FactFinder\ff.exe /s
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: HotSync Manager.LNK = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\Msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\Msjava.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - D:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.liverpoolfc.tv
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - https://stores.music...NugsActiveX.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0659AB9-B491-4447-BA2C-777EB6DDF795}: NameServer = 62.27.27.62 62.27.53.66
O23 - Service: Symantec Event Manager - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher - Unknown - D:\Program Files\Dantz\Retrospect\retrorun.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#6
woodjay

woodjay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
While running Adaware I got the following error message twice, is it related and/or relevant?
"To help protect your computer Windows has closed this program:
Name: Run a DLL as an App
Publisher: Microsoft"
It didn't seem to affect anything.
Thanks
  • 0

#7
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Do me a favor: scan this file and see if it is infected. I may be putting my stupidity out on a limb, but if you could do it, I'd be grateful.

D:\Program Files\Microsoft FactFinder\ff.exe
  • 0

#8
woodjay

woodjay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Scanned it with NAV, nothing showed. NAV is no longer showing that it needs attention.
Thanks for the quick reply.
  • 0

#9
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I would get rid of this by running HijackThis:

O15 - Trusted Zone: *.liverpoolfc.tv

Get rid of your temp. files and reboot.

How is the computer running?
  • 0

#10
woodjay

woodjay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Computer is running OK but sometimes IE locks up. The entry you mention is for a reputable site http://www.liverpoolfc.tv but will delete and delete my temp files
thanks...will post again after rebooting
  • 0



#11
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
I think this is the problem:

VX2 Object Recognized!
Type : Process
Data : hr4205hoe.dll
Category : Malware
Comment : (CSI MATCH)
Object : D:\WINDOWS\system32\


Warning! VX2 Object found in memory(D:\WINDOWS\system32\hr4205hoe.dll)

Download and unzip
http://castlecops.co...It NT-2K-XP.zip
Double-click on find.bat inside the folder to run it. It should run for a while, then open a text document. Please copy and paste the contents of that document here.

Regards,

Pieter
  • 0

#12
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
It may be a reputable site, but this is what www.bleepingcomputer.com says about trusted zones. It's all a matter of personal comfort. I'll let Metallica take over your log. :tazz:


This section corresponds to sites or IP addresses in the Internet Explorer Trusted Zone.

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone.

Which key, Domains or Ranges, is used by Internet Explorer is determined by the URL that the user is trying to reach. If the URL contains a domain name then it will search in the Domains subkeys for a match. If it contains an IP address it will search the Ranges subkeys for a match. When domains are added as a Trusted Site or Restricted they are assigned a value to signify that. If they are assigned a *=4 value, that domain will be entered into the Restricted Sites zone. If they are given a *=2 value, then that domain will be added to the Trusted Sites zone.

Adding an IP address works a bit differently. Under the SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges key you may find other keys called Ranges1, Ranges2, Ranges3, Ranges4,... Each of these subkeys corresponds to a particular security zone/protocol. If you add an IP address to a security zone, Windows will create a subkey starting with Ranges1 and designate that subkey as the one that will contain all IP addresses of a particular security zone for a particular protocol. For example, if you added http://192.168.1.1 as a trusted site, Windows would create the first available Ranges key (Ranges1) and add a value of http=2. Any future trusted http:// IP addresses will be added to the Range1 key. Now if you added an IP address to the Restricted sites using the http protocol (i.e. http://192.16.1.10), Windows would create another key in sequential order, called Range2. This would have a value of http=4 and any future IP addresses added to the restricted sites will be placed in that key. This continues on for each protocol and security zone setting combination.

If you ever see any domains or IP addresses listed here you should generally remove them unless they are a recognizable URL such as one your company uses. The most common listing you will find here is free.aol.com, which you can have fixed if you want. I personally remove all entries from the Trusted Zone as they are ultimately unnecessary to be there.
  • 0

#13
woodjay

woodjay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Coachwife6, thanks for your help,
Hello Pieter
When I restarted IE I got the error message again, this time for file ccmres.dll,UMonitor.
There was no programme "Find.exe" so I ran "FindVX2.exe", is this OK? The log is below:

---------------- FindVX2 NT-2K-XP ----------------

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

***** Operating System *****


********* Date/Time ********


*********** Path ***********

FindVX2.bat is running from: D:\WINDOWS\system32

------- System Files in System32 Directory -------

Volume in drive D is BACKUP
Volume Serial Number is 0C63-54DD

Directory of D:\WINDOWS\System32

04/01/2005 20:26 223,315 hr2o05f3e.dll
04/01/2005 17:31 222,990 j4n20e5oeh.dll
19/12/2004 07:50 <DIR> dllcache
08/11/2004 18:28 <DIR> Microsoft
2 File(s) 446,305 bytes
2 Dir(s) 16,215,601,152 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive D is BACKUP
Volume Serial Number is 0C63-54DD

Directory of D:\WINDOWS\System32

19/12/2004 07:50 <DIR> dllcache
08/11/2004 18:27 <DIR> GroupPolicy
01/02/2003 11:03 488 logonui.exe.manifest
01/02/2003 11:03 488 WindowsLogon.manifest
01/02/2003 11:03 749 nwc.cpl.manifest
01/02/2003 11:03 749 sapi.cpl.manifest
01/02/2003 11:03 749 ncpa.cpl.manifest
01/02/2003 11:03 749 cdplayer.exe.manifest
01/02/2003 11:03 749 wuaucpl.cpl.manifest
7 File(s) 4,721 bytes
2 Dir(s) 16,215,601,152 bytes free

--------------- Files Named "Guard" --------------

Volume in drive D is BACKUP
Volume Serial Number is 0C63-54DD

Directory of D:\WINDOWS\System32


-------- Temp Files in System32 Directory --------

Volume in drive D is BACKUP
Volume Serial Number is 0C63-54DD

Directory of D:\WINDOWS\System32

22/09/2004 18:45 253,688 setb0.tmp
1 File(s) 253,688 bytes
0 Dir(s) 16,215,597,056 bytes free

------------------- User Agent -------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{97C172D1-754F-4F9B-8B71-08F534E9E255}"=""

--------------- Keys Under Notify ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Group Policy]
"Asynchronous"=dword:00000000
"DllName"="D:\\WINDOWS\\system32\\j4n20e5oeh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

------------ Shell Extensions Approved -----------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{7308170A-0F9E-45F5-8053-5DF101C5C109}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="SpySubtract Shell Extension"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"

--------------- Locate.com Results ---------------

---------------- FindVX2 NT-2K-XP ----------------
  • 0
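The "Keys Under Notify" section of the log above is where the infection shows: the `Group Policy` subkey points `DllName` at one of the randomly named DLLs, while every other entry names a stock Windows DLL. The following is an added example, not part of the original posts and not FindVX2's own code, that parses such a REGEDIT4 export and reports Notify packages whose DLL is outside an expected set. The function names and `BASELINE_DLLS` are assumptions; the baseline is simply the DLLs named by the other entries in that log.

```python
import ntpath
import re

# Constructed sample: three keys trimmed from the "Keys Under Notify" log above.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Group Policy]
"DllName"="D:\\WINDOWS\\system32\\j4n20e5oeh.dll"
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
'''

# Assumption: the expected set is the DLLs named by the other Notify entries in that log.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll"}
NOTIFY_MARKER = "\\winlogon\\notify\\"


def parse_reg_export(text):
    """Return {key_path: {lowercased_value_name: string}} for a REGEDIT4 export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex data wrapped with a trailing backslash
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = re.match(r'"([^"]+)"=(.*)$', line)
        if match is None or current is None:
            continue
        name, data = match.group(1).lower(), match.group(2)  # value names are case-insensitive
        if data.startswith("hex(2):"):
            # REGEDIT4 writes REG_EXPAND_SZ as single-byte characters, NUL-terminated.
            raw_bytes = bytes(int(b, 16) for b in data[7:].split(",") if b)
            current[name] = raw_bytes.split(b"\x00")[0].decode("latin-1")
        elif data.startswith('"') and data.endswith('"'):
            current[name] = data[1:-1].replace("\\\\", "\\")  # undo .reg escaping
    return keys


def audit_notify(text, baseline=BASELINE_DLLS):
    """Return [(notify_subkey, dll_path)] for Notify packages whose DLL is not in baseline."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if NOTIFY_MARKER not in key.lower() or "dllname" not in values:
            continue
        dll = values["dllname"]
        if ntpath.basename(dll).lower() not in baseline:
            findings.append((key.rsplit("\\", 1)[1], dll))
    return findings


if __name__ == "__main__":
    print(audit_notify(SAMPLE_EXPORT))
```

A hit only means the entry needs review: legitimate third-party software also registers Notify packages, so the baseline has to be built per machine or per image.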

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
I think I have what I need.
Please follow the instructions in the order they are posted.

Download and unzip:
http://www.downloads...org/KillBox.zip
Run KillBox and paste each of these lines into the box, select delete on reboot, then press the red X button. When it says reboot now, say no and continue to paste the lines into the box in turn, following the above procedure every time. After the last line has been pasted, let it reboot.

D:\WINDOWS\System32\hr2o05f3e.dll
D:\WINDOWS\System32\j4n20e5oeh.dll <= save till last

After the reboot copy and paste the text in bold below into a text editor such as Notepad.
Save this text as FixVX2.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
Double-click on FixVX2.reg. When it asks you to merge the information to the registry click Yes.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{97C172D1-754F-4F9B-8B71-08F534E9E255}"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Group Policy]


Download VX2Finder from:
http://www.downloads...g/VX2Finder.exe
Run it and use the Restore Policy button

Then copy & paste the text in bold below into notepad and save it as recyclerem.bat
(Set filetype to "All Files")


attrib -r -s -h %systemdrive%\Recycler
del %systemdrive%\Recycler
attrib -r -s -h %systemdrive%\Recycled
del %systemdrive%\Recycled
shutdown /r /t 0 /f


Close all programs and double-click recyclerem.bat

Your computer will reboot and you will have a shiny new (empty) recycle bin.

Regards,

Pieter
  • 0

#15
woodjay

woodjay

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Many thanks Pieter
Here goes.....
  • 0





