Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware and virus

Started by breknpoint , Nov 26 2005 08:48 PM

  • Please log in to reply

#1
breknpoint
Posted 26 November 2005 - 08:48 PM

breknpoint

    Member

  • Member
  • PipPip
  • 43 posts
I have a virus and/or malware. I have run adaware. I currently have no internet access. internet explorer and mcaffee will be give faults and close.

Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:43:55 PM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Common Files\AOL\1107499952\ee\AOLHostManager.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\1107499952\ee\AOLServiceHost.exe
c:\program files\common files\aol\1107499952\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1107499952\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Christopher Hagenian\Desktop\ANTI SPYWARE\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107499952\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
  • 0

Advertisements

#2
Dragon
Posted 02 December 2005 - 11:41 AM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
hello,

Lets see if we can get you back on the net first then we will work on your other issues.

Please Download LSPFix from http://www.cexx.org/lspfix.htm and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of mdnsnsp.dll. Reboot.


Let em know if that worked for ya
  • 0

#3
breknpoint
Posted 05 December 2005 - 11:11 AM

breknpoint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I tried it. The file did not appear in that program. When I booted it up this last time the error changed. It now closes internet explorer and pops up a file download window. And over the file download window is an error with "microsoft intern explorer" in the header and it says internet explorer cannot download / from www.msn.com. Internet explorer was not able to open this internet site. The requested site is either unavailable or cannot be found. Please try again later.

I managed to finally get the window open and hit the stop button. tools/ internet options is unresponsive. And website gives the above error.

Thanks for helping out, I really appreciate it. Been beating my head against this thing for two weeks now.
  • 0

#4
Dragon
Posted 05 December 2005 - 11:18 AM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
ok, without rebooting your machine, post a fresh Hijack This log.

Please Do not reboot until I have said to
  • 0

#5
breknpoint
Posted 05 December 2005 - 11:52 AM

breknpoint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:49:37 AM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\AOL\1107499952\ee\AOLHostManager.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\AOL\1107499952\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Christopher Hagenian\Desktop\ANTI SPYWARE\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107499952\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Lexmark International, Inc. - (no file)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - (no file)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - (no file)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - (no file)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
  • 0

#6
Dragon
Posted 05 December 2005 - 12:02 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
ok,
First off it appears that Mcafee has been removed but not completely. The services are still trying to start yet there appears to possibly be no program for it to start.

Did you recently uninstall McAfee?

also it appears you are using AOL on this computer for internet connectivity. is this correct?
if so what version of AOL are you using on it?
are you trying to go to websites in IE or AOL's browser?

These questions will help me identify what might be going on.
  • 0

#7
breknpoint
Posted 05 December 2005 - 12:09 PM

breknpoint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
the computer owner tried to uninstall mcaffee, but it would not complete. I tried to finish it, but it freezes during the uninstall process. I'm soley using internet explorer. The computer is hooked to a network and I'm not using aol. The version of aol is 9.0 security edition.
  • 0

#8
Dragon
Posted 05 December 2005 - 12:14 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
ok, so is this system accessing the net right now? or is it completely DOA when it comes to the network?
  • 0

#9
breknpoint
Posted 05 December 2005 - 12:17 PM

breknpoint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
It will take an ip address. I'm using a network drive to move fines on and off the computer.
  • 0

#10
Dragon
Posted 05 December 2005 - 12:53 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
ok,

I need two logs from that computer.
It appears that Ewido is on that machine, could you please post the log from that. it will be in C:\Program files\Ewido\reports.

also
Please RIGHT-CLICK HERE to download Silent Runner's.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

Advertisements

#11
breknpoint
Posted 06 December 2005 - 12:18 AM

breknpoint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
here are the Ewido Reports. Silent runner would not work. I double clicked it for a good half hour and got the same error every time. Is there some file I can copy over to get it to work.

The error was
Line 85
Char 13
could not locate automation class named wscript.shell
code 80020009
source wscript.createobject

---------------------------------------------------------
ewido security suite - Connection report
---------------------------------------------------------

+ Created on: 11:08:16 PM, 12/5/2005
+ Report-Checksum: 2E72E8F2

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1038 127.0.0.1:11526 TIME_WAIT
TCP 127.0.0.1:1039 0.0.0.0:0 LISTENING
TCP 127.0.0.1:11500 0.0.0.0:0 LISTENING
TCP 127.0.0.1:11526 0.0.0.0:0 LISTENING
TCP 127.0.0.1:11526 127.0.0.1:1042 TIME_WAIT
TCP 127.0.0.1:11527 0.0.0.0:0 LISTENING
TCP 127.0.0.1:11528 0.0.0.0:0 LISTENING
TCP 127.0.0.1:11529 0.0.0.0:0 LISTENING
TCP 127.0.0.1:11530 0.0.0.0:0 LISTENING
TCP 127.0.0.1:11531 0.0.0.0:0 LISTENING
TCP 127.0.0.1:11532 0.0.0.0:0 LISTENING
TCP 127.0.0.1:11533 0.0.0.0:0 LISTENING
TCP 192.168.0.102:139 0.0.0.0:0 LISTENING
TCP 192.168.0.102:1032 205.188.78.143:5190 TIME_WAIT
TCP 192.168.0.102:1033 205.188.130.216:80 TIME_WAIT
TCP 192.168.0.102:1034 205.188.70.1:5190 TIME_WAIT
TCP 192.168.0.102:1037 64.236.43.55:80 ESTABLISHED
TCP 192.168.0.102:1041 205.188.98.2:80 TIME_WAIT
TCP 192.168.0.102:1044 152.163.181.217:80 ESTABLISHED
UDP 0.0.0.0:445
UDP 0.0.0.0:500
UDP 0.0.0.0:1035
UDP 0.0.0.0:4500
UDP 127.0.0.1:123
UDP 127.0.0.1:1043
UDP 127.0.0.1:1900
UDP 192.168.0.102:123
UDP 192.168.0.102:137
UDP 192.168.0.102:138
UDP 192.168.0.102:1900

---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------

+ Created on: 11:08:23 PM, 12/5/2005
+ Report-Checksum: 73FD28F

0: System Process
4: System Process
336: C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
348: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
376: C:\Program Files\ewido\security suite\ewidoctrl.exe
384: \SystemRoot\System32\smss.exe
416: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
428: C:\Program Files\ewido\security suite\ewidoguard.exe
436: \??\C:\WINDOWS\system32\csrss.exe
464: \??\C:\WINDOWS\system32\winlogon.exe
508: C:\WINDOWS\system32\services.exe
520: C:\WINDOWS\system32\lsass.exe
560: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
684: C:\WINDOWS\system32\svchost.exe
744: C:\WINDOWS\system32\svchost.exe
808: C:\WINDOWS\System32\svchost.exe
856: C:\WINDOWS\system32\svchost.exe
944: C:\WINDOWS\system32\wdfmgr.exe
1004: C:\WINDOWS\system32\svchost.exe
1188: C:\WINDOWS\system32\svchost.exe
1212: C:\WINDOWS\Explorer.EXE
1292: C:\WINDOWS\system32\spoolsv.exe
1396: C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
1404: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
1420: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
1460: C:\Program Files\Real\RealPlayer\RealPlay.exe
1488: C:\Program Files\Lexmark 6200 Series\lxbumon.exe
1524: C:\Program Files\Lexmark 6200 Series\ezprint.exe
1552: C:\WINDOWS\system32\LVCOMSX.EXE
1560: C:\WINDOWS\system32\MsPMSPSv.exe
1636: C:\Program Files\Logitech\Video\LogiTray.exe
1664: C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
1700: C:\Program Files\Common Files\AOL\1107499952\ee\AOLHostManager.exe
1716: System Process
1832: C:\Program Files\Logitech\Video\FxSvr2.exe
1928: C:\Program Files\Common Files\AOL\1107499952\ee\AOLServiceHost.exe
2332: C:\WINDOWS\system32\lxbucoms.exe
3208: C:\WINDOWS\System32\alg.exe
3216: C:\WINDOWS\system32\wbem\wmiprvse.exe
3304: C:\Program Files\ewido\security suite\SecuritySuite.exe
3644: C:\WINDOWS\system32\wuauclt.exe

---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 11:08:06 PM, 12/5/2005
+ Report-Checksum: 1B5FD162

Reg\HKLM\Run CTSysVol C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
Reg\HKLM\Run UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Reg\HKLM\Run HostManager C:\Program Files\Common Files\AOL\1107499952\ee\AOLHostManager.exe
Reg\HKLM\Run AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Reg\HKLM\Run RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
Reg\HKLM\Run LXBUCATS rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
Reg\HKLM\Run lxbumon.exe "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
Reg\HKLM\Run EzPrint "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
Reg\HKLM\Run FaxCenterServer "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
Reg\HKLM\Run LVCOMSX C:\WINDOWS\system32\LVCOMSX.EXE
Reg\HKLM\Run LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
Reg\HKLM\Run LogitechVideoTray C:\Program Files\Logitech\Video\LogiTray.exe
Reg\HKLM\Run mmtask "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
Reg\HKLM\Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k
Reg\HKLM\Run THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
Reg\HKCU\Run LogitechSoftwareUpdate "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
  • 0

#12
Dragon
Posted 06 December 2005 - 11:47 AM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
I've been running into that a lot lately,

Download WindPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
  • 0

#13
breknpoint
Posted 08 December 2005 - 01:03 AM

breknpoint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
ok here it is

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/4/2004 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PEC2 8/9/2005 3:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 8/9/2005 3:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 11/10/2005 10:00:08 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/10/2005 10:00:08 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 4:00:00 AM 708096 C:\WINDOWS\SYSTEM32\NTDLL.DLL
Umonitor 8/4/2004 4:00:00 AM 657920 C:\WINDOWS\SYSTEM32\RASDLG.DLL
winsync 8/4/2004 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/7/2005 11:48:16 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
11/27/2005 12:07:10 PM RH 749 C:\WINDOWS\WindowsShell.Manifest
11/26/2005 7:13:46 PM S 64 C:\WINDOWS\CSC\00000001
11/26/2005 6:51:48 PM S 64 C:\WINDOWS\CSC\00000002
11/27/2005 12:07:10 PM RH 749 C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
11/27/2005 12:07:10 PM RH 749 C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
11/27/2005 12:07:10 PM RH 749 C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
11/27/2005 12:07:10 PM RH 749 C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
11/27/2005 12:07:10 PM RH 749 C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
12/7/2005 11:48:06 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
12/7/2005 11:48:30 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
12/7/2005 11:48:18 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
12/7/2005 11:48:42 PM H 61440 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
12/7/2005 11:48:18 PM H 4534272 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
11/27/2005 9:11:56 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
11/2/2005 4:41:38 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\5f37f196-c095-4322-bed5-59971a3137bf
11/2/2005 4:41:38 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
11/2/2005 4:58:06 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\27918660-8f8c-4e70-9aef-47d669d406c0
11/2/2005 4:58:06 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
12/7/2005 11:47:24 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\ACCESS.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 549888 C:\WINDOWS\SYSTEM32\APPWIZ.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL
Logitech Inc. 6/1/2004 11:02:30 AM 282624 C:\WINDOWS\SYSTEM32\CamCpl.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 135168 C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 80384 C:\WINDOWS\SYSTEM32\FIREWALL.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 155136 C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
Intel Corporation 1/23/2005 10:33:44 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 358400 C:\WINDOWS\SYSTEM32\INETCPL.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 129536 C:\WINDOWS\SYSTEM32\INTL.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 380416 C:\WINDOWS\SYSTEM32\IRPROPS.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\JOY.CPL
Sun Microsystems, Inc. 6/3/2005 3:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 618496 C:\WINDOWS\SYSTEM32\MMSYS.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 25600 C:\WINDOWS\SYSTEM32\NETSETUP.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 257024 C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 32768 C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 114688 C:\WINDOWS\SYSTEM32\POWERCFG.CPL
Intel® Corporation 3/2/2004 10:39:06 AM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
RealNetworks, Inc. 2/3/2005 11:53:54 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 298496 C:\WINDOWS\SYSTEM32\SYSDM.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 4:00:00 AM 94208 C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
Creative Technology Ltd. 2/18/2004 8:52:50 AM 176128 C:\WINDOWS\SYSTEM32\USBAudio.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 148480 C:\WINDOWS\SYSTEM32\WSCUI.CPL
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl
Intel Corporation 2/10/2004 10:53:24 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/11/2004 4:15:06 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/11/2004 4:07:12 PM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
8/11/2004 4:15:06 PM HS 84 C:\Documents and Settings\Christopher Hagenian\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
8/11/2004 4:07:12 PM HS 62 C:\Documents and Settings\Christopher Hagenian\Application Data\DESKTOP.INI
2/5/2005 8:50:46 PM 12358 C:\Documents and Settings\Christopher Hagenian\Application Data\PFP120JCM.{PB
2/5/2005 8:50:46 PM 61678 C:\Documents and Settings\Christopher Hagenian\Application Data\PFP120JPR.{PB

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}
ButtonText = MUSICMATCH MX Web Player :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\Shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\Browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\Browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTSysVol C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
HostManager C:\Program Files\Common Files\AOL\1107499952\ee\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
LXBUCATS rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
lxbumon.exe "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
FaxCenterServer "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
EzPrint "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
LVCOMSX C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray C:\Program Files\Logitech\Video\LogiTray.exe
mmtask "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LogitechSoftwareUpdate "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/7/2005 11:56:01 PM
  • 0

#14
Dragon
Posted 08 December 2005 - 07:26 AM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
I think the bad uninstall attempt with Mcafee may be what is causing the problem..

so lets get all traces of that removed from the computer, and install a free AV program like Avast! or AVG

let me know if yoiu have any problems removing any part of mcafee, I have run into problems with mcafee not wanting to uninstall before so I have ways of removing it without wiping the entire HDD.
  • 0

#15
breknpoint
Posted 08 December 2005 - 11:45 AM

breknpoint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
AVG is asking for the installation package "files.dat" Is this a windows installation file? where can I find it
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP