
Is This Trouble?


8 replies to this topic

#1 Reena

  • Members
  • 391 posts
  • Gender:Female
  • Location:UK

Posted 01 November 2005 - 12:16 PM

Even though I have Broadband my PC has been crawling. I have used Anti spyware "Scan Spyware" and have Zone Alarm (free) and AVG (free) installed. Ad Aware, for some reason, I cannot use. I used to have it installed and thought it brilliant then it started freezing when I downloaded updates. Spyware S & D (is that correct) won't work either. That is why I have the others installed.

I have a sneaking suspicion that there are some new entries in my Hijack listing and would be so grateful if you could offer me some advice, please. My thanks in advance,

Logfile of HijackThis v1.99.1
Scan saved at 17:00:14, on 11/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)
O9 - Extra button: Save Link in Favorites Zoomer - {4282A6FA-0E0C-4b14-A966-2E6C1210356A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Save Link in Favorites Zoomer - {4282A6FA-0E0C-4b14-A966-2E6C1210356A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {05E0D4E9-A832-4886-B443-3729E04B3704} (Living Picture Player) - http://www.gamewaredevelopment.co.uk/cab/livingpicturex.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upg...detect.cab?3171
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7DA4B43-3817-4A3B-A4E5-B6C281D38D0C}: NameServer = 158.43.240.4 158.43.240.3
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 Grinler

    Lawrence Abrams

  • Admin
  • 43,593 posts
  • Gender:Male
  • Location:USA

Posted 01 November 2005 - 02:45 PM

I do not see anything:

Download http://www.bleepingcomputer.com/files/winpfind.php

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

#3 Reena


Posted 01 November 2005 - 04:06 PM

Thank you, Lawrence, for the advice. For some reason I have been unable to boot into Safe Mode. Something seems to be wrong.

Anyway this is what I have:

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...
PECompact2 04/07/2005 09:48:00 528728 C:\WebCleaner.dll
aspack 04/07/2005 09:48:00 528728 C:\WebCleaner.dll

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 09/20/2005 14:04:46 15851025 C:\WINDOWS\LPT$VPN.849
qoologic 09/20/2005 14:04:46 15851025 C:\WINDOWS\LPT$VPN.849
SAHAgent 09/20/2005 14:04:46 15851025 C:\WINDOWS\LPT$VPN.849
UPX! 09/20/2005 14:04:46 170053 C:\WINDOWS\tsc.exe
PECompact2 09/20/2005 14:04:46 15851025 C:\WINDOWS\VPTNFILE.849
qoologic 09/20/2005 14:04:46 15851025 C:\WINDOWS\VPTNFILE.849
SAHAgent 09/20/2005 14:04:46 15851025 C:\WINDOWS\VPTNFILE.849
UPX! 09/20/2005 14:04:46 1044560 C:\WINDOWS\vsapi32.dll
aspack 09/20/2005 14:04:46 1044560 C:\WINDOWS\vsapi32.dll
UPX! 01/23/2005 21:19:10 39424 C:\WINDOWS\zipinst.exe

Checking %System% folder...
PEC2 08/29/2002 12:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
FSG! 12/10/2003 15:36:10 236544 C:\WINDOWS\SYSTEM32\divxdec.ax
PTech 08/03/2005 09:33:42 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 10/05/2005 02:09:08 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 10/05/2005 02:09:08 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 08/04/2004 07:56:36 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
qoologic 04/21/2005 14:34:36 10441226 C:\WINDOWS\SYSTEM32\pav.sig
aspack 04/21/2005 14:34:36 10441226 C:\WINDOWS\SYSTEM32\pav.sig
SAHAgent 04/21/2005 14:34:36 10441226 C:\WINDOWS\SYSTEM32\pav.sig
winsync 04/21/2005 14:34:36 10441226 C:\WINDOWS\SYSTEM32\pav.sig
Umonitor 08/04/2004 07:56:44 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 08/29/2002 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 10/22/2005 21:02:26 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 10/22/2005 21:02:26 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 10/22/2005 21:02:26 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 10/22/2005 21:02:26 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 08/04/2004 05:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/01/2005 20:41:16 S 2048 C:\WINDOWS\bootstat.dat
10/31/2005 11:59:38 H 54156 C:\WINDOWS\QTFont.qfn
10/23/2005 13:19:58 H 10820 C:\WINDOWS\Help\update.GID
11/01/2005 20:41:34 H 31775 C:\WINDOWS\system32\vsconfig.xml
11/01/2005 15:22:00 H 4212 C:\WINDOWS\system32\zllictbl.dat
10/04/2005 17:17:42 S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
09/28/2005 10:53:30 S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
09/09/2005 18:15:08 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
11/01/2005 20:42:02 H 1024 C:\WINDOWS\system32\config\default.LOG
11/01/2005 20:41:34 H 1024 C:\WINDOWS\system32\config\SAM.LOG
11/01/2005 20:42:32 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
11/01/2005 20:45:28 H 98304 C:\WINDOWS\system32\config\software.LOG
11/01/2005 20:45:28 H 36864 C:\WINDOWS\system32\config\system.LOG
10/13/2005 09:31:20 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
11/01/2005 11:50:16 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\50d6c6d2-6abc-4e78-8643-08399225b332
11/01/2005 11:50:16 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
11/01/2005 20:41:20 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 08/04/2004 07:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 08/04/2004 07:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/12/1999 05:11:00 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 08/04/2004 07:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
FotoNation inc. 10/26/1998 23:26:20 26624 C:\WINDOWS\SYSTEM32\CAMCPL.CPL
Microsoft Corporation 08/04/2004 07:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 08/04/2004 07:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 08/04/2004 07:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 08/04/2004 07:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 08/04/2004 07:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 08/04/2004 07:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 08/04/2004 07:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 08/29/2002 12:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 08/04/2004 07:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 08/29/2002 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 08/04/2004 07:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 08/04/2004 07:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 08/04/2004 07:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
07/30/1998 05:44:02 R 14336 C:\WINDOWS\SYSTEM32\pmxusb.cpl
Microsoft Corporation 08/04/2004 07:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 09/23/2004 17:57:40 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 08/04/2004 07:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 08/29/2002 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 08/04/2004 07:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 08/04/2004 07:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 05/26/2005 03:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 08/04/2004 07:56:58 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 08/04/2004 07:56:58 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 08/04/2004 07:56:58 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl
Microsoft Corporation 08/04/2004 07:56:58 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 08/04/2004 07:56:58 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 08/04/2004 07:56:58 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 08/04/2004 07:56:58 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 08/04/2004 07:56:58 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 08/04/2004 07:56:58 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 08/04/2004 07:56:58 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 08/29/2002 12:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 08/04/2004 07:56:58 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 08/29/2002 12:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 08/04/2004 07:56:58 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 08/04/2004 07:56:58 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 08/04/2004 07:56:58 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 08/04/2004 07:56:58 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 08/04/2004 07:56:58 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 08/04/2004 07:56:58 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 08/29/2002 12:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 08/04/2004 07:56:58 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 08/04/2004 07:56:58 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 05/26/2005 03:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
10/13/2005 10:02:24 1979 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ashampoo Magic Defrag.lnk
04/29/2005 11:35:30 1542 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
02/26/2004 17:23:38 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
10/13/2005 18:03:38 1723 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
08/17/2005 19:46:20 798 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
02/26/2004 09:19:34 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
02/26/2004 17:23:38 HS 84 C:\Documents and Settings\Maureen Anderson\Start Menu\Programs\Startup\desktop.ini
04/02/2005 11:20:58 654 C:\Documents and Settings\Maureen Anderson\Start Menu\Programs\Startup\SpywareGuard.lnk

Checking files in %USERPROFILE%\Application Data folder...
10/01/2005 20:12:00 1050 C:\Documents and Settings\Maureen Anderson\Application Data\AdobeDLM.log
02/26/2004 09:19:34 HS 62 C:\Documents and Settings\Maureen Anderson\Application Data\desktop.ini
10/01/2005 19:53:18 0 C:\Documents and Settings\Maureen Anderson\Application Data\dm.ini
11/30/2004 15:08:20 65648 C:\Documents and Settings\Maureen Anderson\Application Data\GDIPFONTCACHEV1.DAT
10/19/2005 10:43:42 28836 C:\Documents and Settings\Maureen Anderson\Application Data\wklnhst.dat

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Program Files\SpywareGuard\spywareguard.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG Shell Extension
{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\InoShell
{DCED20BE-3645-11D4-BC95-00C04F0E0588} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG Shell Extension
{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\InoShell
{DCED20BE-3645-11D4-BC95-00C04F0E0588} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} = Easy-WebPrint :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{12345678-1234-1234-1234-1234567890AB}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4282A6FA-0E0C-4b14-A966-2E6C1210356A}
ButtonText = Save Link in Favorites Zoomer :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B13B4423-2647-4cfc-A4B3-C7D56CB83487}
ButtonText = Share in Hello :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} = Merriam-Webster Online : C:\WINDOWS\_MWOLTB.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
CHotkey mHotkey.exe
ledpointer CNYHKey.exe
SpeedTouch USB Diagnostics "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
POINTER C:\Program Files\Microsoft Hardware\Mouse\point32.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Picasa Media Detector C:\Program Files\Picasa2\PicasaMediaDetector.exe
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
HotKey C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Sierra\Hallmark Card Studio\Event Planner Reminders Tray Icon.lnk
backup C:\WINDOWS\pss\Event Planner Reminders Tray Icon.lnkCommon Startup
location Common Startup
command C:\SIERRA\CARDST~1\PLNRnote.exe
item Event Planner Reminders Tray Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item atiptaxx
hkey HKLM
command C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item atiptaxx
hkey HKLM
command C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Felix II
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Felix2
hkey HKCU
command C:\Program Files\ScreenMates\Felix II\Felix2.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Felix2
hkey HKCU
command C:\Program Files\ScreenMates\Felix II\Felix2.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command C:\Program Files\iTunes\iTunesHelper.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command C:\Program Files\iTunes\iTunesHelper.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TCMMouse
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MouseDrv
hkey HKLM
command C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MouseDrv
hkey HKLM
command C:\PROGRA~1\TCMMOU~1\MouseDrv.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/01/2005 20:47:06

#4 Grinler


Posted 01 November 2005 - 04:16 PM

I still do not see anything wrong here. What happens when you try to boot into safe mode?

#5 Reena


Posted 02 November 2005 - 07:07 AM

My PC just carries on booting up.

I can't boot up using the PC switch as it stops at one of the logos. If I switch off at the mains and switch on again from there then from the PC my PC boots up fine.

My PC is two years old. It's a Medion and I have had no trouble with it all this time.

Thank you again. I am relieved that you cannot see anything wrong. I wondered about O17 in the HiJack file.

#6 Grinler


Posted 02 November 2005 - 11:05 AM

You tried all the options in this tutorial for trying to get into safe mode?

http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

#7 Reena


Posted 02 November 2005 - 11:46 AM

You tried all the options in this tutorial for trying to get into safe mode?

http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



#8 Grinler


Posted 02 November 2005 - 12:01 PM

You forgot to put an additional message there I think

#9 Reena


Posted 21 November 2005 - 07:42 AM

Apologies for the long silence. Have been away.

I still have to check out Safe Mode and have printed off instructions to be sure I do this correctly next time. My PC froze each time I attempted what is, after all, a relatively simple operation. As I have installed a new programme "Starware" which seems to have caused a lot of problems on my PC I think it best to end my posting here, I think, and I will post again later with a new Hijack file, hopefully submitted correctly.

My thanks for your patience and help. I have had PC's for six years now and this is the first time I have had what seems to be "real trouble".



