Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: virus caused loss of some windows functions  (Read 5602 times)

0 Members and 1 Guest are viewing this topic.

terrymc

    Topic Starter


    Greenhorn

    virus caused loss of some windows functions
    « on: July 14, 2008, 07:54:14 PM »
    I have removed the impact of antivirus 2008 and have recovered most functions.

    i have windows XP sp2

    at this point there is VIRUS ALERT next to the time/clock
    the all programs menu is missing from START
    hard drive is missing from the My Computer display area

    ( hard drive is acceptable from applications. ie outlook )

    also logoff is not showing next to the turn off computer )

    I have run various diagnostics including microsoft scan and the stop acceleration product

    i have run both adware snd spybot SD




    Logged

    Broni


      Mastermind
    • Kraków my love :)
      • Thanked: 614
      • Computer Help Forum
    • Computer: Specs
    • Experience: Experienced
    • OS: Windows 8
    Re: virus caused loss of some windows functions
    « Reply #1 on: July 14, 2008, 08:12:10 PM »
    Print these instructions out.

    1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

        * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
        * An icon will be created on your desktop. Double-click that icon to launch the program.
        * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
        * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT  FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

        * Open SUPERAntiSpyware.
        * Under "Configuration and Preferences", click the Preferences button.
        * Click the Scanning Control tab.
        * Under Scanner Options make sure the following are checked (leave all others unchecked):
              o Close browsers before scanning.
              o Scan for tracking cookies.
              o Terminate memory threats before quarantining.
        * Click the "Close" button to leave the control center screen.
        * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
        * On the left, make sure you check C:\Fixed Drive.
        * On the right, under "Complete Scan", choose Perform Complete Scan.
        * Click "Next" to start the scan. Please be patient while it scans your computer.
        * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
        * Make sure everything has a checkmark next to it and click "Next".
        * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
        * If asked if you want to reboot, click "Yes".
        * To retrieve the removal information after reboot, launch SUPERAntispyware again.
              o Click Preferences, then click the Statistics/Logs tab.
              o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
              o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
              o Please copy and paste the Scan Log results in your next reply.
        * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

        * Double-click mbam-setup.exe and follow the prompts to install the program.
        * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
        * If an update is found, it will download and install the latest version.
        * Once the program has loaded, select Perform full scan, then click Scan.
        * When the scan is complete, click OK, then Show Results to view the results.
        * Be sure that everything is checked, and click Remove Selected.
        * When completed, a log will open in Notepad.
        * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    3. Download HijackThis:
    http://www.snapfiles.com/get/hijackthis.html
    Post HijackThis log.
    Logged

    terrymc

      Topic Starter


      Greenhorn

      Re: virus caused loss of some windows functions
      « Reply #2 on: July 15, 2008, 01:15:19 PM »
      problem ... F8 safe mode is not displayed as an option.. just F1 and F10 ( restore )

      also superantispyware wont open
      « Last Edit: July 15, 2008, 03:22:32 PM by terrymc »
      Logged

      terrymc

        Topic Starter


        Greenhorn

        Re: virus caused loss of some windows functions
        « Reply #3 on: July 15, 2008, 03:29:13 PM »
        hijack log

        ogfile of Trend Micro HijackThis v2.0.2
        Scan saved at 17:27: VIRUS ALERT!, on 7/15/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Unable to get Internet Explorer version!
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
        C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
        c:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Viewpoint\Common\ViewpointService.exe
        C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\NETGEAR\WG111T\wlan111t.exe
        C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
        C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\nda.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\InterMute\SpySubtract\SpySub.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\Program Files\Lotus\Sametime Client\Connect.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
        O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O4 - Startup: HP Organize.lnk = ?
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
        O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
        O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
        O4 - Global Startup: VPN Client.lnk = ?
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
        O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
        O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
        O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
        O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp.acsonline.com/qp2.cab
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
        O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
        O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138551828593
        O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
        O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
        O16 - DPF: {CAA057EE-809B-48E4-BE9C-367C32486C0D} (Crystal Print Control 10.0) - https://acsreports.acs-inc.com/crystalreportviewers10/ActiveXControls/PrintControl.cab
        O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mymeetings.webex.com/client/v_mywebex-wbs-mciprodins/webex/ieatgpc.cab
        O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
        O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
        O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
        O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
        O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
        O23 - Service: MSSysInterv - Unknown owner - c:\winself.exe (file missing)
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

        --
        End of file - 9545 bytes
        Logged

        Broni


          Mastermind
        • Kraków my love :)
          • Thanked: 614
          • Computer Help Forum
        • Computer: Specs
        • Experience: Experienced
        • OS: Windows 8
        Re: virus caused loss of some windows functions
        « Reply #4 on: July 15, 2008, 07:25:03 PM »
        Quote
        F8 safe mode is not displayed as an option.. just F1 and F10

        You're doing something wrong...

        To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears:

        Logged

        terrymc

          Topic Starter


          Greenhorn

          Re: virus caused loss of some windows functions
          « Reply #5 on: July 15, 2008, 07:31:37 PM »
          nope not there HP hides the option under esc

          next im trying to get the software but keep getting page cannot be displayed. will try to save from another pc and than install. also i keep getting redirected when going to some websites.

          ie. www.websire.com redirected to some other totally different page usually the the rediect name is a long stream of garbage.
          Logged

          Broni


            Mastermind
          • Kraków my love :)
            • Thanked: 614
            • Computer Help Forum
          • Computer: Specs
          • Experience: Experienced
          • OS: Windows 8
          Re: virus caused loss of some windows functions
          « Reply #6 on: July 15, 2008, 07:37:36 PM »
          Quote
          nope not there HP hides the option under esc
          Nope, by pressing Esc, you probably can get to BIOS, and Recovery Partition.
          Anyway, we'll try to solve it later.
          Run Malwarebytes, then, post its log.
          When done, fresh HJT log.
          Both in Normal Mode.

          Don't worry about other problems, now. Your computer is infected, remember? :)
          Logged

          terrymc

            Topic Starter


            Greenhorn

            Re: virus caused loss of some windows functions
            « Reply #7 on: July 17, 2008, 10:52:59 AM »
            sorry for the delay in responding

            making progress and its slow this was one nasty virus...
            So far i have run AVG and seems to have the virus out. I have also run superantispyware. that too has removed some things.

            I have identified thru the regedit find 3 entries containing the VIRUS ALERT! text string. and i have corrected the registry  ( i am a mainframe tech i have no fear lol ).

            I have also found that the virus disabled several START entries and I have got those back. Also the ALL PROGRAMS on the start menu i re-enabled in the registry variable NoStartMenuMorePrograms

            Also the F8 OS load boot screen is back

            issues remaining

            still no harddrive icon on the my computer ( removeables are displayed )

            the most annoying is the blocking/redirect of websites. i find that some can be accessed thru google cache. others like update.microsoft.com are blocked anbd page can not be displayed. I have gone thru the IE6 options and deleted all Restricted Sites ( there was a very long list ) I even put some sites in the Trusted Site list and disabled the windows firewall. w/o having success. I also deleted all the toolbars.
            The addons (?) is that something to consider. also in HJT i see alot of BHO w/o files

            I will download the malware progam you suggested  ( need to use another pc ). also FYI seems that SPYBOT/sd was also hit ( some of its programs are in quarantine )

            here is the latest HJT

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 12:51, on 7/17/2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Unable to get Internet Explorer version!
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\PROGRA~1\AVG\AVG8\avgtray.exe
            C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
            C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
            C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
            C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            c:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\PROGRA~1\AVG\AVG8\avgrsx.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
            C:\Program Files\NETGEAR\WG111T\wlan111t.exe
            C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\nda.exe
            C:\WINDOWS\system32\HPZipm12.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Viewpoint\Common\ViewpointService.exe
            C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
            C:\Program Files\internet explorer\iexplore.exe
            C:\Program Files\internet explorer\iexplore.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
            F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
            O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: {10fdf994-1605-5439-6e14-7ca1c5ecb331} - {133bce5c-1ac7-41e6-9345-5061499fdf01} - (no file)
            O2 - BHO: (no name) - {21461821-DED9-4D67-BE47-C9800C50B7FE} - (no file)
            O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
            O2 - BHO: (no name) - {41F39511-418E-4DCB-AA1A-248F6DA0A451} - (no file)
            O2 - BHO: (no name) - {4930DF70-4618-429B-9BA7-5A3208101307} - (no file)
            O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O2 - BHO: (no name) - {698F8AB4-660F-48F6-2D75-4AB6033DF1BF} - (no file)
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
            O2 - BHO: (no name) - {76FB9208-8EC2-4F9F-89D0-37AF10ECD2EC} - (no file)
            O2 - BHO: (no name) - {771FF2EC-39CF-4BF2-8D0B-DE19D62C8C02} - (no file)
            O2 - BHO: (no name) - {79492E60-FC25-42BC-9752-522C3F4A02AD} - (no file)
            O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
            O2 - BHO: (no name) - {AFB2C802-BC28-4B89-AB07-23D785A369D0} - (no file)
            O2 - BHO: (no name) - {EC950B42-DD0B-40B3-AAFB-3139A2A85308} - (no file)
            O2 - BHO: (no name) - {F8AC36D7-F602-4B69-99B5-2A812E05779F} - (no file)
            O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
            O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
            O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
            O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
            O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
            O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            O4 - Startup: HP Organize.lnk = ?
            O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
            O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
            O4 - Global Startup: VPN Client.lnk = ?
            O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
            O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
            O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
            O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
            O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
            O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
            O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
            O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp.acsonline.com/qp2.cab
            O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
            O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
            O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
            O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138551828593
            O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
            O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
            O16 - DPF: {CAA057EE-809B-48E4-BE9C-367C32486C0D} (Crystal Print Control 10.0) - https://acsreports.acs-inc.com/crystalreportviewers10/ActiveXControls/PrintControl.cab
            O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mymeetings.webex.com/client/v_mywebex-wbs-mciprodins/webex/ieatgpc.cab
            O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
            O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
            O20 - AppInit_DLLs: avgrsstx.dll
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
            O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
            O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
            O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
            O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
            O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
            O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
            O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
            O23 - Service: MSSysInterv - Unknown owner - c:\winself.exe (file missing)
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
            O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

            --
            End of file - 11441 bytes





               

            « Last Edit: July 17, 2008, 11:13:32 AM by terrymc »
            Logged

            Broni


              Mastermind
            • Kraków my love :)
              • Thanked: 614
              • Computer Help Forum
            • Computer: Specs
            • Experience: Experienced
            • OS: Windows 8
            Re: virus caused loss of some windows functions
            « Reply #8 on: July 17, 2008, 06:20:09 PM »
            Don't play too much with registry, unless you're 100% sure what you're doing.
            I'd like to see Malwarebytes log, and then, new HJT log.
            Logged

            terrymc

              Topic Starter


              Greenhorn

              Re: virus caused loss of some windows functions
              « Reply #9 on: July 20, 2008, 05:51:31 PM »
              whewwwwwww finally after hoop jumping and a few hours of configurations things are back to normal. just lost some desktop icons.

              malwarebytes and superantispyware did the tricks.

              i discovered in searching ariound thru my pc that the virus attacke current user settings. when i logged on to my guest account i could see the hard drive and some other functions. in order to install mwb and sasw i had to create a new admin account. after running mwb under the temp admin account this cleared the brwoser issue ( redirects ). The homepage i found thru the privacy report had a couple bogus garbage url's ie absjubvytuiopon.com

              I than ran mwb against my regulra logon and that restorrd by ability to see the hard drives and the account logon buttons on the START.

              atabase version: 930
              Windows 5.1.2600 Service Pack 2

              19:27:07 7/20/2008
              mbam-log-7-20-2008 (19-26-07).txt

              Scan type: Full Scan (C:\|D:\|)
              Objects scanned: 132437
              Time elapsed: 34 minute(s), 43 second(s)

              Memory Processes Infected: 0
              Memory Modules Infected: 0
              Registry Keys Infected: 0
              Registry Values Infected: 1
              Registry Data Items Infected: 5
              Folders Infected: 0
              Files Infected: 1

              Memory Processes Infected:
              (No malicious items detected)

              Memory Modules Infected:
              (No malicious items detected)

              Registry Keys Infected:
              (No malicious items detected)

              Registry Values Infected:
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> No action taken.

              Registry Data Items Infected:
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

              Folders Infected:
              (No malicious items detected)

              Files Infected:
              C:\WINDOWS\system32\clbinit.dll (Trojan.Vundo) -> No action taken.


              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 19:51, on 7/20/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Unable to get Internet Explorer version!
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
              C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
              C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
              c:\Program Files\Common Files\LightScribe\LSSrvc.exe
              C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\WINDOWS\system32\HPZipm12.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Viewpoint\Common\ViewpointService.exe
              C:\PROGRA~1\AVG\AVG8\avgrsx.exe
              C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\QuickTime\qttask.exe
              C:\PROGRA~1\AVG\AVG8\avgtray.exe
              C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              C:\Program Files\NETGEAR\WG111T\wlan111t.exe
              C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
              C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\nda.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
              F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: {10fdf994-1605-5439-6e14-7ca1c5ecb331} - {133bce5c-1ac7-41e6-9345-5061499fdf01} - (no file)
              O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
              O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
              O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
              O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
              O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
              O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              O4 - Startup: HP Organize.lnk = ?
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
              O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
              O4 - Global Startup: VPN Client.lnk = ?
              O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
              O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
              O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
              O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
              O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
              O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp.acsonline.com/qp2.cab
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
              O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
              O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
              O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138551828593
              O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
              O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
              O16 - DPF: {CAA057EE-809B-48E4-BE9C-367C32486C0D} (Crystal Print Control 10.0) - https://acsreports.acs-inc.com/crystalreportviewers10/ActiveXControls/PrintControl.cab
              O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mymeetings.webex.com/client/v_mywebex-wbs-mciprodins/webex/ieatgpc.cab
              O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
              O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
              O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
              O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
              O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
              O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
              O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
              O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
              O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

              --
              End of file - 10273 bytes


               
              Logged

              Broni


                Mastermind
              • Kraków my love :)
                • Thanked: 614
                • Computer Help Forum
              • Computer: Specs
              • Experience: Experienced
              • OS: Windows 8
              Re: virus caused loss of some windows functions
              « Reply #10 on: July 20, 2008, 06:02:23 PM »
              I'm glad to see progress...
              However Malwarebytes log shows: "No action taken" after each line.
              Most likely, it's the log from before fixes were applied.
              If so, please post correct log.
              Make sure, HJT log is from after all fixes were done.
              Logged

              terrymc

                Topic Starter


                Greenhorn

                Re: virus caused loss of some windows functions
                « Reply #11 on: July 20, 2008, 06:20:44 PM »
                i had to run mwb twice here is the first run under the master admin account i had to create

                Malwarebytes' Anti-Malware 1.20
                Database version: 930
                Windows 5.1.2600 Service Pack 2

                12:20:39 AM 7/20/2008
                mbam-log-7-20-2008 (00-20-38).txt

                Scan type: Full Scan (C:\|D:\|)
                Objects scanned: 132729
                Time elapsed: 42 minute(s), 20 second(s)

                Memory Processes Infected: 0
                Memory Modules Infected: 0
                Registry Keys Infected: 12
                Registry Values Infected: 0
                Registry Data Items Infected: 0
                Folders Infected: 1
                Files Infected: 18

                Memory Processes Infected:
                (No malicious items detected)

                Memory Modules Infected:
                (No malicious items detected)

                Registry Keys Infected:
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssysinterv (Trojan.Agent) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                HKEY_CLASSES_ROOT\sqvgnrpx.bsol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

                Registry Values Infected:
                (No malicious items detected)

                Registry Data Items Infected:
                (No malicious items detected)

                Folders Infected:
                C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

                Files Infected:
                C:\Program Files\PCHealthCenter\0.exe._eac_qt_ (Trojan.Fakealert) -> Quarantined and deleted successfully.
                C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
                C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
                C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
                C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
                C:\Program Files\PCHealthCenter\5.exe._eac_qt_ (Trojan.Fakealert) -> Quarantined and deleted successfully.
                C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
                C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
                C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
                C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
                C:\WINDOWS\lfn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
                C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
                C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
                C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
                C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
                C:\Documents and Settings\HP_Owner\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
                C:\Documents and Settings\HP_Owner\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

                HJT log above was after everything was corrected

                just encase here is hjt from the master admin account

                (my regular account logon is terry )

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 8:20:09 PM, on 7/20/2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Unable to get Internet Explorer version!
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
                C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
                c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                C:\WINDOWS\system32\HPZipm12.exe
                C:\WINDOWS\system32\svchost.exe
                C:\Program Files\Viewpoint\Common\ViewpointService.exe
                C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\Explorer.EXE
                C:\Program Files\QuickTime\qttask.exe
                C:\PROGRA~1\AVG\AVG8\avgtray.exe
                C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
                C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                C:\Program Files\NETGEAR\WG111T\wlan111t.exe
                C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
                C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
                C:\Program Files\Internet Explorer\iexplore.exe
                C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
                C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                O2 - BHO: {10fdf994-1605-5439-6e14-7ca1c5ecb331} - {133bce5c-1ac7-41e6-9345-5061499fdf01} - (no file)
                O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
                O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
                O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
                O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
                O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
                O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
                O4 - HKUS\S-1-5-21-1775530687-154687343-135775073-1009\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User 'HP_Owner')
                O4 - HKUS\S-1-5-21-1775530687-154687343-135775073-1009\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'HP_Owner')
                O4 - HKUS\S-1-5-21-1775530687-154687343-135775073-1009\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'HP_Owner')
                O4 - S-1-5-21-1775530687-154687343-135775073-1009 Startup: HP Organize.lnk = ? (User 'HP_Owner')
                O4 - S-1-5-21-1775530687-154687343-135775073-1009 User Startup: HP Organize.lnk = ? (User 'HP_Owner')
                O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
                O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
                O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
                O4 - Global Startup: VPN Client.lnk = ?
                O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
                O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
                O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
                O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
                O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
                O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
                O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
                O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
                O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
                O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
                O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
                O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
                O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
                O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp.acsonline.com/qp2.cab
                O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
                O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
                O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
                O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
                O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138551828593
                O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
                O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
                O16 - DPF: {CAA057EE-809B-48E4-BE9C-367C32486C0D} (Crystal Print Control 10.0) - https://acsreports.acs-inc.com/crystalreportviewers10/ActiveXControls/PrintControl.cab
                O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mymeetings.webex.com/client/v_mywebex-wbs-mciprodins/webex/ieatgpc.cab
                O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
                O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
                O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
                O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
                O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
                O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
                O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

                --
                End of file - 11964 bytes
                Logged
                Pages: [1]   Go Up
                « previous next »