
Log Check


5 replies to this topic

#1 cabra

cabra

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 17 October 2005 - 07:29 AM

Could these two logs be checked please? Comp slow to boot. Would like to know if it is clean.
Logfile of HijackThis v1.99.1
Scan saved at 13:27:54, on 10/17/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-GB\MSNAPPAU.EXE
C:\PROGRAM FILES\NIKON\PICTUREPROJECT\NKBMONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\ycomp5_6_0_0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN7\YCOMP5_6_0_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~2\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe"
O4 - Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://real.gamehouse.com/games/luxor/mjolauncher.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = megavia
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 80.58.0.33,80.58.32.97

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...
PEC2 07/09/2004 14:17:16 13265040 c:\dxnt.cab

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 08/18/2005 14:24:00 15636721 c:\windows\VPTNFILE.791
qoologic 08/18/2005 14:24:00 15636721 c:\windows\VPTNFILE.791
SAHAgent 08/18/2005 14:24:00 15636721 c:\windows\VPTNFILE.791
PEC2 05/19/2001 20:08:44 6656 c:\windows\pcboot.exe
UPX! 04/14/2005 21:51:12 1044560 c:\windows\vsapi32.dll
aspack 04/14/2005 21:51:12 1044560 c:\windows\vsapi32.dll
UPX! 04/14/2005 21:51:16 170053 c:\windows\tsc.exe

Items found in c:\windows\hosts

UPX! 05/03/2005 11:44:44 25157 c:\windows\RMAgentOutput.dll
PECompact2 08/18/2005 14:24:00 15636721 c:\windows\lpt$vpn.791
qoologic 08/18/2005 14:24:00 15636721 c:\windows\lpt$vpn.791
SAHAgent 08/18/2005 14:24:00 15636721 c:\windows\lpt$vpn.791

Checking %System% folder...
aspack 09/20/2004 11:18:42 567808 c:\windows\SYSTEM\Incinerator.dll
qoologic 04/15/2005 16:35:20 10347891 c:\windows\SYSTEM\pav.sig
aspack 04/15/2005 16:35:20 10347891 c:\windows\SYSTEM\pav.sig
SAHAgent 04/15/2005 16:35:20 10347891 c:\windows\SYSTEM\pav.sig
winsync 04/15/2005 16:35:20 10347891 c:\windows\SYSTEM\pav.sig
aspack 10/10/2005 19:41:04 294912 c:\windows\SYSTEM\trjscan.trb
aspack 08/05/2005 15:18:10 348672 c:\windows\SYSTEM\trupd.trb
UPX! 08/22/2004 15:49:10 27136 c:\windows\SYSTEM\PCWizard.cpl

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/17/2005 13:52:22 RH 9203744 c:\windows\SYSTEM.DAT
10/17/2005 13:57:10 RH 1597472 c:\windows\USER.DAT
10/16/2005 23:01:38 H 687140 c:\windows\ShellIconCache
09/14/2005 18:12:36 H 4212 c:\windows\SYSTEM\zllictbl.dat
10/16/2005 16:53:14 H 8628 c:\windows\HELP\SECAUTH.GID
09/21/2005 22:20:16 HS 1092 c:\windows\Application Data\Microsoft\Internet Explorer\Desktop.htt
10/17/2005 14:05:42 H 440 c:\windows\Application Data\Microsoft\MSN Messenger\1827593998\sqmdata00.sqm
09/24/2005 19:21:54 HS 67 c:\windows\Temporary Internet Files\desktop.ini
09/25/2005 10:03:56 HS 67 c:\windows\Temporary Internet Files\Content.IE5\desktop.ini
09/25/2005 10:04:08 HS 67 c:\windows\Temporary Internet Files\Content.IE5\N793397L\desktop.ini
09/25/2005 10:04:08 HS 67 c:\windows\Temporary Internet Files\Content.IE5\YCMKHKHL\desktop.ini
09/25/2005 10:04:08 HS 67 c:\windows\Temporary Internet Files\Content.IE5\WZSTM1Q3\desktop.ini
10/15/2005 19:23:06 HS 82 c:\windows\History\desktop.ini
10/15/2005 19:24:54 HS 113 c:\windows\History\History.IE5\desktop.ini
10/02/2005 21:11:24 H 6 c:\windows\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04/23/1999 22:22:00 221280 c:\windows\SYSTEM\DESK.CPL
Microsoft Corporation 08/29/2002 292352 c:\windows\SYSTEM\INETCPL.CPL
Microsoft Corporation 04/23/1999 22:22:00 60928 c:\windows\SYSTEM\INTL.CPL
Microsoft Corporation 04/23/1999 22:22:00 420864 c:\windows\SYSTEM\MMSYS.CPL
Microsoft Corporation 04/23/1999 22:22:00 93248 c:\windows\SYSTEM\MODEM.CPL
Microsoft Corporation 04/23/1999 22:22:00 14448 c:\windows\SYSTEM\NETCPL.CPL
Microsoft Corporation 04/23/1999 22:22:00 47104 c:\windows\SYSTEM\PASSWORD.CPL
Microsoft Corporation 04/23/1999 22:22:00 51984 c:\windows\SYSTEM\POWERCFG.CPL
Microsoft Corporation 04/23/1999 22:22:00 72192 c:\windows\SYSTEM\APPWIZ.CPL
Microsoft Corporation 04/23/1999 22:22:00 103424 c:\windows\SYSTEM\MAIN.CPL
04/23/1999 22:22:00 70656 c:\windows\SYSTEM\STICPL.CPL
Microsoft Corporation 04/23/1999 22:22:00 387072 c:\windows\SYSTEM\SYSDM.CPL
Microsoft Corporation 04/23/1999 22:22:00 37376 c:\windows\SYSTEM\TIMEDATE.CPL
Microsoft Corporation 04/23/1999 22:22:00 15360 c:\windows\SYSTEM\THEMES.CPL
Microsoft Corporation 04/23/1999 22:22:00 14848 c:\windows\SYSTEM\TELEPHON.CPL
Apple Computer, Inc. 08/27/1996 02:12:00 R 259280 c:\windows\SYSTEM\QTW16.CPL
Apple Computer, Inc. 09/23/2004 18:57:40 323072 c:\windows\SYSTEM\QuickTime.cpl
03/09/1999 11:55:42 33280 c:\windows\SYSTEM\PTCTRL.CPL
Microsoft Corporation 10/30/2001 08:10:00 442368 c:\windows\SYSTEM\JOY.CPL
Microsoft Corporation 02/10/1999 11:48:48 40960 c:\windows\SYSTEM\FINDFAST.CPL
Intel Corporation 07/17/2002 07:54:10 94208 c:\windows\SYSTEM\igfxcpl.cpl
Sun Microsystems, Inc. 06/03/2005 03:52:54 49265 c:\windows\SYSTEM\jpicpl32.cpl
Microsoft Corporation 02/20/2003 17:39:50 32768 c:\windows\SYSTEM\odbccp32.cpl
Razer Inc. 12/16/2004 22:52:16 53248 c:\windows\SYSTEM\razer.cpl
Logitech Inc. 01/18/2005 17:36:14 282624 c:\windows\SYSTEM\camcpl.cpl
8 08/22/2004 15:49:10 27136 c:\windows\SYSTEM\PCWizard.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
10/14/2005 11:22:38 529 C:\WINDOWS\Start Menu\Programs\StartUp\NkbMonitor.exe.lnk

Checking files in %USERPROFILE%\Application Data folder...
10/08/2005 13:25:44 0 C:\WINDOWS\Application Data\dm.ini
10/16/2005 17:55:16 5789 C:\WINDOWS\Application Data\dw.log
09/20/2005 15:16:00 24632 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\UltimateZip
{2F860D81-AF3C-11D4-BDB3-00E0987D8540} = C:\PROGRA~2\ULTIMA~1.7\UZSHLEX.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Eraseex
{ECDF2E20-C829-11D1-8233-0030AF3E97A8} = C:\Program Files\Clean Disk Security\eraseex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Trojan Remover
{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~2\TROJAN~1\TRSHLEX.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerArchiver
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = C:\Program Files\PowerArchiver\PASHLEXT.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UltimateZip
{2F860D81-AF3C-11D4-BDB3-00E0987D8540} = C:\PROGRA~2\ULTIMA~1.7\UZSHLEX.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9} = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Eraseex
{ECDF2E20-C829-11D1-8233-0030AF3E97A8} = C:\Program Files\Clean Disk Security\eraseex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Trojan Remover
{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~2\TROJAN~1\TRSHLEX.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerArchiver
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = C:\Program Files\PowerArchiver\PASHLEXT.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ScanMenu
{48f45200-91e6-11ce-8a4f-0080c81a28d4} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\Program Files\Yahoo!\Companion\Installs\cpn7\ycomp5_6_0_0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
ST = C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN7\YCOMP5_6_0_0.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
{A58686ED-FC46-44C3-95C6-4A812AB776F1} = WebFerret : C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11D0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{43F02779-6D88-4958-8AD3-83C12D86ADC7} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN7\YCOMP5_6_0_0.DLL
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{A58686ED-FC46-44C3-95C6-4A812AB776F1} = WebFerret : C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
{43F02779-6D88-4958-8AD3-83C12D86ADC7} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
AVG7_CC C:\PROGRA~2\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
SystemTray SysTray.Exe
TaskMonitor c:\windows\taskmon.exe
WinPatrol "C:\PROGRA~2\BILLPS~1\WINPAT~1\WinPatrol.exe"
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
msnappau "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
MSFS Installed = 1
MAPI Installed = 1
IMAIL Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
Adaptec DirectCD C:\Program Files\DirectCD\DIRECTCD.EXE
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
IgfxTray c:\windows\SYSTEM\igfxtray.exe
CHotKey mk9805.exe
CriticalUpdate c:\windows\SYSTEM\wucrtupd.exe -startup
Tweak UI RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray C:\Program Files\Logitech\Video\LogiTray.exe
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HotKeysCmds c:\windows\SYSTEM\hkcmd.exe
TrojanScanner C:\Program Files\Trojan Remover\Trjscan.exe
LVCOMSX c:\windows\SYSTEM\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
TrueVector C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
KB891711 c:\windows\SYSTEM\KB891711\KB891711.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
LogitechSoftwareUpdate "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
MoneyAgent "C:\Program Files\Microsoft Money\System\Money Express.exe"
Windows Registry Repair Pro C:\PROGRAM FILES\3B SOFTWARE\WINDOWS REGISTRY REPAIR PRO\REGISTRYREPAIRPRO.EXE 4
Cacheman C:\PROGRA~2\CACHEMAN\Cacheman.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun E
NoSetActiveDesktop E
CDRAutoRun
NoSaveSettings 0
ClearRecentDocsOnExit 
NoTrayContextMenu 0

EditLevel 0
NoRun 0
NoClose 0
NoFileMenu 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
NoFileSharing 1
NoPrintSharing 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL

<<< WARNING! - NOT A VALID WIN98*Grinler KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit =
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
<<< WARNING! - NOT A VALID WIN98*Grinler KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/17/2005 14:12:51
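
The HijackThis log posted above has a fixed line shape: a section code (R0, R1, O2, O3, O4, O16, O17 and so on), a separator, then the entry body, with CLSIDs in braces and the file path or URL at the end. Added here as an example, not code from this thread or from the HijackThis tool itself: a small Python parser that turns those lines into structured records and groups them the way a log reviewer reads them (what runs at boot, what loads into the browser, what was pulled in as an ActiveX download, and which DNS servers are configured). The sample lines are copied from the log above; the `parse_log` and `triage` names and the field layout are this example's own choices.

```python
import re
from urllib.parse import urlparse

# Constructed sample: six lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 80.58.0.33,80.58.32.97
"""

# Every entry line starts with a section code such as "R0 - " or "O16 - ".
LINE_RE = re.compile(r"^(?P<type>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autoruns: "HKLM\..\Run: [Name] command"; O4 folder autoruns: "Startup: x.lnk = path"
O4_RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^(?P<key>Startup|Global Startup): (?P<name>.+?) = (?P<cmd>.*)$")


def parse_line(line):
    """Parse one HijackThis line into a dict; return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m["type"], m["body"]
    entry = {"type": kind, "name": None, "clsid": None, "target": None, "raw": line.strip()}
    c = CLSID_RE.search(body)
    if c:
        entry["clsid"] = c.group(0).upper()
    if kind == "O4":
        m4 = O4_RUN_RE.match(body) or O4_STARTUP_RE.match(body)
        if m4:
            entry["name"] = m4["name"]
            entry["target"] = m4["cmd"]
    elif kind in ("O2", "O3", "O9"):
        # "BHO: <name> - {CLSID} - <dll path>" (same shape for toolbars and extra buttons)
        parts = [p.strip() for p in body.split(" - ")]
        entry["name"] = parts[0].split(": ", 1)[-1]
        entry["target"] = parts[-1]
    elif kind == "O16":
        # "DPF: {CLSID} (<friendly name>) - <cab URL>"; the friendly name may be absent
        desc, _, url = body.rpartition(" - ")
        n = re.search(r"\(([^)]*)\)", desc)
        entry["name"] = n.group(1) if n else None
        entry["target"] = url.strip()
    elif kind in ("R0", "R1", "O17"):
        # "<registry key>,<value name> = <data>"
        key, _, data = body.partition(" = ")
        entry["name"] = key.strip()
        entry["target"] = data.strip()
    return entry


def parse_log(text):
    """Parse a whole log; lines that are not HijackThis entries are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries):
    """Group entries into the buckets a reviewer works through one by one."""
    report = {"autoruns": [], "browser_addons": [], "activex_downloads": [], "dns_servers": []}
    for e in entries:
        if e["type"] == "O4":
            report["autoruns"].append((e["name"], e["target"]))
        elif e["type"] in ("O2", "O3"):
            report["browser_addons"].append((e["type"], e["name"], e["clsid"], e["target"]))
        elif e["type"] == "O16":
            host = urlparse(e["target"]).hostname or ""
            report["activex_downloads"].append((e["name"], host, e["clsid"]))
        elif e["type"] == "O17" and (e["name"] or "").endswith("NameServer"):
            report["dns_servers"].extend(s.strip() for s in e["target"].split(","))
    return report


if __name__ == "__main__":
    for section, items in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{section}:")
        for item in items:
            print("   ", item)
```

Running the block prints the four buckets for the sample lines; pointing `parse_log` at a saved HijackThis log gives the same structure for a full scan, which is easier to compare across two logs from the same machine than the raw text.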

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,400 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:44 PM

Posted 21 October 2005 - 08:16 AM

I need to check out some files listed in the Winpfind log.

Download this program:

submit files packer

Highlight the files listed below in bold, right-click, and select copy.


c:\windows\pcboot.exe
c:\windows\SYSTEM\Incinerator.dll
c:\windows\SYSTEM\PCWizard.cpl



Then start the file packer program, right-click in the white box and select paste to paste the copied file names into the field.

Then press the Continue button.

I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to yourmembername.cab (for example grinler.cab).

Then go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

Then,



Do you know what this is for and if it needs to be running?

O4 - Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

If you do not need it, you may want to disable it along with these in msconfig:


O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe"

#3 cabra

cabra
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 25 October 2005 - 04:26 PM

I need to check out some files listed in the Winpfind log.

Download this program:

submit files packer

Highlight the files listed below in bold, right-click, and select copy.


c:\windows\pcboot.exe
c:\windows\SYSTEM\Incinerator.dll
c:\windows\SYSTEM\PCWizard.cpl



Then start the file packer program, right-click in the white box and select paste to paste the copied file names into the field.

Then press the Continue button.

I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to yourmembername.cab (for example grinler.cab).

Then go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

Then,



Do you know what this is for and if it needs to be running?

O4 - Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

If you do not need it, you may want to disable it along with these in msconfig:


O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe"



#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,400 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:44 PM

Posted 25 October 2005 - 04:28 PM

May want to fix that post as I just see what I wrote :thumbsup:

Those three files you sent me are safe.

#5 cabra

cabra
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 26 October 2005 - 10:52 AM

Sorry about the last post -- finger trouble.
Thanks for your reply. The O4 entry Startup: NkbMonitor.exe etc. was installed with the software for my Nikon digital camera; don't know if it's necessary or not.
I think my slow running has improved. I had run Trojan Remover prior to posting and it returned nothing, but I ran it again after posting the files you requested and removing the others and it found a trojan, which I have removed. Thank you again.

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,400 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:44 PM

Posted 26 October 2005 - 12:04 PM

If you do not need the Nikon program running automatically, you can disable it via msconfig. If there is nothing else that I can help you with, please follow all these steps:

Now that you're clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and re-enable system restore here:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

Re-enable system restore with instructions from the tutorial above.


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then Run, type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!



