  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.
Status
Not open for further replies.
1 - 20 of 30 Posts

·
Registered
Joined
·
37 Posts
Discussion Starter · #1 ·
C:\System Volume Information\_restore{8E7BAC92-A7B4-43C4-8F80...Not-A-Virus.VirTool.Win32.AvSp
C:\System Volume Information\_restore{8E7BAC92-A7B4-43C4-8F80
C:\System Volume Information\_restore{8E7BAC92-A7B4-43C4-8F80
C:\System Volume Information\_restore{8E7BAC92-A7B4-43C4-8F80
C:\System Volume Information\_restore{8E7BAC92-A7B4-43C4-8F80
C:\System volume Information\_restore{8E7BAC92-A7B4-43C4-8F80...Backdoor.IRCBot

these are in my avg anti spyware......
now what?? do I remove them, do I leave them?
I looked up the backdoor one and it says to manually remove it but recommended for advanced users only
that for windows xp you turn off system restore first then
you rename the file with a different extension then do a system restart then
after restart the malicious file will no longer be active and can be deleted easily
manually....then turn back on system restore BUT...if it's in my quarantine why can't I just do it from there?
the one that was on my desktop I threw in the trash....when I go online I will see if another
one pops up on my desktop
ffs I am sooooooo pissed...I deleted the one on my desktop..came on to yahoo and bang the preset is there again...
what the heck do I do?? this kept me up half the night...I could just sit and cry

it all started with seeing a notepad pop on my desktop...
inside it says......[Main] Bandwidth=8......sometimes the number is also 16 or 24
I started to ask around and someone said it was a backdoor virus....I just kept throwing it in the trash and it kept popping back up.....then I did the anti spyware avg and you see what I copy and pasted..........this is driving me absolutely crazy.....please if anyone can help it would really be appreciated....Beth
 

·
Registered
Joined
·
37 Posts
Discussion Starter · #2 ·
maybe it's just too good to be true that with so many posting here that anyone could even help me...I tried reading as many posts as I could to see if I could find out a solution or if there was someone with the same problem with no luck
 

·
Retired Moderator
Joined
·
72,109 Posts
Flush your System Restore:

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Restart the computer.

To create a new restore point:
  • Go to Start, All Programs, Accessories, System Tools and select System Restore.
  • In the System Restore wizard, select "Create a restore point" and click the Next button.
  • Type a description for your new restore point. Something like "After trojan/spyware cleanup".
  • Click Create and you're done.
 

·
Registered
Joined
·
37 Posts
Discussion Starter · #4 ·
thank you so much for getting back to me....I know with so very many posts that it's hard to get to each and every one..........I am not at my computer at the moment but have printed this and will try it tonight and I will get back to you...ty once again for trying to help me.
Beth
 

·
Registered
Joined
·
37 Posts
Discussion Starter · #6 ·
It didn't work....I have scanned with AVG virus and AVG spyware....and windows defender....spybot....ad aware too...all in safe mode and not in safe mode....how the hell do I get rid of that preset thingy????
 

·
Registered
Joined
·
37 Posts
Discussion Starter · #7 ·
maybe there is no other course but to reformat....is there a link to show me how to do that or is that a task that shouldn't even be taken yet?.....I am just so frustrated and I see on here that many have more problems than me...I have hijack this but was told if I don't know what I am doing to forget it...I could make things worse.....
 

·
Registered
Joined
·
37 Posts
Discussion Starter · #9 ·
I don't know the settings to use to run the hijack this...was told I can really mess my computer up if I don't know how to use it and I sure don't want to do that........are there any special settings I should use?...
 

·
Retired Moderator
Joined
·
72,109 Posts
Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

·
Registered
Joined
·
37 Posts
Discussion Starter · #12 ·
sorry I was sick and off the computer for a while.....here is my hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 4:26:42 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\twain_32\EPI\EN-F610\SCANER32.EXE
C:\Documents and Settings\Beth\My Documents\Anti-Malware Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Scanner Utility.lnk = C:\WINDOWS\twain_32\EPI\EN-F610\SCANER32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139447889625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139448377000
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
 

·
Retired Moderator
Joined
·
72,109 Posts
Nothing showing up there. Are you still having the same symptoms?

"seeing a notepad pop on my desktop...
inside it says......[Main] Bandwidth=8......sometimes the number is also 16 or 24"
 

·
Registered
Joined
·
37 Posts
Discussion Starter · #14 ·
I think I may have found the culprit to that or at least I think I know when that preset thing pops up on my desktop.....I use yahoo messenger to talk to family and friends.....I uninstalled it and reinstalled it.....when yahoo said that a background auto update for yahoo is running in the background I clicked ok...and at that second that preset popped on my desktop....threw it in the bin then I uninstalled and ran all the scans and it was gone...reinstalled yahoo again and this time I didn't click ok...clicked the X instead when that update thing came on and the darn preset came up again! it is sitting on my desktop now...I don't throw it in the recycle bin as it just keeps coming back... is yahoo trying to monitor me somehow and am I even supposed to see that preset....?? maybe it's supposed to go somewhere else on my computer........I have no clue.....ty so much for trying to help me ..I really appreciate it...Beth
 

·
Retired Moderator
Joined
·
72,109 Posts
I have yahoo messenger and I'm not getting that.
What version are you using?

Run Panda ActiveScan here

Once you are on the Panda site click the "Scan your PC" button.
A new window will open... click the "Check Now" button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address.
Select either Home User or Company.
Click the big "Scan Now" button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
When download is complete, click on "Local Disks" to start the scan.
When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.

Post a new HiJack This log along with the results from ActiveScan.
 

·
Registered
Joined
·
37 Posts
Discussion Starter · #16 ·
using yahoo messenger 7.0....this version is the only one my ytunnel works with for chat
Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Beth\Cookies\[email protected][2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Beth\Cookies\[email protected][3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Beth\Cookies\[email protected][1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Beth\Cookies\[email protected][3].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Beth\Cookies\[email protected][2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Beth\Cookies\[email protected][2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Beth\Cookies\[email protected][3].txt

Logfile of HijackThis v1.99.1
Scan saved at 7:17:05 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\twain_32\EPI\EN-F610\SCANER32.EXE
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Beth\My Documents\Anti-Malware Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Scanner Utility.lnk = C:\WINDOWS\twain_32\EPI\EN-F610\SCANER32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139447889625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139448377000
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44DDF0DE-E475-45DB-8913-2F59E4765E4E}: NameServer = 64.136.28.120 64.136.20.120
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
 

·
Retired Moderator
Joined
·
72,109 Posts
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please post the resulting log here.
 

·
Registered
Joined
·
37 Posts
Discussion Starter · #20 ·
WinPFind3 logfile created on: 1/30/2007 7:45:46 PM
WinPFind3U by OldTimer - Version 1.0.11 Folder = C:\Documents and Settings\Beth\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

457136 Kb Total Physical Memory | 169596 Kb Available Physical Memory | 37.10% Memory free
1078056 Kb Paging File | 662104 Kb Available in Paging File | 61.42% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80405292 Kb Total Space | 71513572 Kb Free Space | 88.94% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

[Files - Created Within 30 days]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 618 bytes | Created Date = 1/22/2007 10:05:01 AM | Attr = H ]
Firewall.BAK -> %CommonProgramFiles%\Symantec Shared\Firewall.BAK -> [Ver = | Size = 56524 bytes | Created Date = 1/30/2007 12:37:36 PM | Attr = ]
Firewall.rul -> %CommonProgramFiles%\Symantec Shared\Firewall.rul -> [Ver = | Size = 56524 bytes | Created Date = 1/30/2007 12:37:36 PM | Attr = ]
LocationMap.dat -> %CommonProgramFiles%\Symantec Shared\LocationMap.dat -> [Ver = | Size = 228 bytes | Created Date = 1/30/2007 12:37:32 PM | Attr = ]
Persist.BAK -> %CommonProgramFiles%\Symantec Shared\Persist.BAK -> [Ver = | Size = 13132 bytes | Created Date = 1/30/2007 12:26:12 PM | Attr = ]
Persist.Dat -> %CommonProgramFiles%\Symantec Shared\Persist.Dat -> [Ver = | Size = 13132 bytes | Created Date = 1/30/2007 12:26:12 PM | Attr = ]
SEVINST.EXE -> %CommonProgramFiles%\Symantec Shared\SEVINST.EXE -> Symantec Corporation [Ver = 12.3.0.15 | Size = 407256 bytes | Created Date = 1/30/2007 12:21:35 PM | Attr = ]
ez_log.html -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\ez_log.html -> [Ver = | Size = 9900 bytes | Created Date = 1/30/2007 12:23:41 PM | Attr = ]
symlcnet.dll -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcnet.dll -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 319144 bytes | Created Date = 1/30/2007 12:23:41 PM | Attr = ]
symlcrst.dll -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcrst.dll -> [Ver = | Size = 524828 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 1174152 bytes | Created Date = 1/30/2007 12:23:41 PM | Attr = ]
symlctnk.dll -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlctnk.dll -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 416936 bytes | Created Date = 1/30/2007 12:23:41 PM | Attr = ]
eeCtrl.sys -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Created Date = 1/30/2007 12:20:02 PM | Attr = ]
EPERSIST.DAT -> %CommonProgramFiles%\Symantec Shared\EENGINE\EPERSIST.DAT -> [Ver = | Size = 48 bytes | Created Date = 1/30/2007 2:40:42 PM | Attr = ]
EraserUtilRebootDrv.sys -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 102712 bytes | Created Date = 1/30/2007 2:35:00 PM | Attr = ]
GUZ_004.chw -> %CommonProgramFiles%\Symantec Shared\Help\GUZ_004.chw -> [Ver = | Size = 130784 bytes | Created Date = 1/30/2007 3:53:09 PM | Attr = ]
LUALL.CHM -> %CommonProgramFiles%\Symantec Shared\Help\LUALL.CHM -> [Ver = | Size = 40955 bytes | Created Date = 1/30/2007 12:21:06 PM | Attr = ]
NAV_opts.chw -> %CommonProgramFiles%\Symantec Shared\Help\NAV_opts.chw -> [Ver = | Size = 130784 bytes | Created Date = 1/30/2007 2:52:02 PM | Attr = ]
outbreak.chw -> %CommonProgramFiles%\Symantec Shared\Help\outbreak.chw -> [Ver = | Size = 130784 bytes | Created Date = 1/30/2007 1:13:15 PM | Attr = ]
protect.chw -> %CommonProgramFiles%\Symantec Shared\Help\protect.chw -> [Ver = | Size = 130784 bytes | Created Date = 1/30/2007 3:08:35 PM | Attr = ]
DefUTDCD.dll -> %CommonProgramFiles%\Symantec Shared\IDS\DefUTDCD.dll -> Symantec Corporation [Ver = 3.1.28.0 | Size = 759504 bytes | Created Date = 1/30/2007 12:22:03 PM | Attr = ]
IDSAux.dll -> %CommonProgramFiles%\Symantec Shared\IDS\IDSAux.dll -> Symantec Corporation [Ver = 6.2.2.2 | Size = 190192 bytes | Created Date = 1/30/2007 12:22:03 PM | Attr = ]
IDSSettg.BAK -> %CommonProgramFiles%\Symantec Shared\IDS\IDSSettg.BAK -> [Ver = | Size = 4372 bytes | Created Date = 1/30/2007 12:26:11 PM | Attr = ]
IDSSettg.dat -> %CommonProgramFiles%\Symantec Shared\IDS\IDSSettg.dat -> [Ver = | Size = 4372 bytes | Created Date = 1/30/2007 12:26:11 PM | Attr = ]
Patch25.dll -> %CommonProgramFiles%\Symantec Shared\IDS\Patch25.dll -> Symantec Corporation [Ver = 2.5.22.0 | Size = 91232 bytes | Created Date = 1/30/2007 12:22:03 PM | Attr = ]
SymIDSLU.dll -> %CommonProgramFiles%\Symantec Shared\IDS\SymIDSLU.dll -> Symantec Corporation [Ver = 6.2.2.2 | Size = 59048 bytes | Created Date = 1/30/2007 12:22:03 PM | Attr = ]
2007-01-30-377d.kc -> %CommonProgramFiles%\Symantec Shared\SPBBC\2007-01-30-377d.kc -> [Ver = | Size = 218344 bytes | Created Date = 1/30/2007 5:57:35 PM | Attr = ]
CIDS.GRD -> %CommonProgramFiles%\Symantec Shared\SPManifests\CIDS.GRD -> [Ver = | Size = 230 bytes | Created Date = 1/30/2007 12:22:03 PM | Attr = ]
CIDS.SIG
 