#1 (permalink) |
|
Registered User
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2
|
Hello,
I think I have a few problems! lol

I currently run: Ad-aware Spybot S&D CWShredder SpyGuard Spyware Blaster CA Pest Patrol CA EZ Antivirus Xoftspy Antispy ATF Cleaner Zone Alarm Winpatrol

Everything seemed OK until I loaded Spyware Terminator. I have since uninstalled it. I am seeing the following problems.

Spyware Terminator

PHOTO 1 (HuPigeonSpywareTerm) (Sigh ... spelling!) SpywareTerminator found Hupigon.ucj - for a Magnifying Glass program I've used for years and the other spy checkers never found a problem with it. Think this was a false positive?

Xoftspy finds:

PHOTO 2 (WinpcapErrorXoftspyOct2007)
1. winpcap - this is all it found before I removed Spyware Terminator and cleaned up the registry with Registry Medic. Removed entries for invalid files/paths. Was in the middle of researching winpcap when the other problems appeared.
PHOTO 3 (WinpcapRegistryEntries) I looked in the registry to the path indicated in the previous photo. Can't find anything but a default entry.
PHOTO 4 (XoftspyAfterCleanRegistryErrors)
2. Win32DelfAK. Think this might be bogus!?

Windows XP Pro Services

PHOTO 5 (ServicesWhatIsthis2) & PHOTO 6 (ServicesWhatIsthisBonjour) Services show ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##. I have disabled it and rebooted. This stopped the mDNSResponder process from appearing in the Task Manager Window. Don't know where this came from. Research keeps pointing to Bonjour..don't have Itunes installed.

CA Pest Patrol

PHOTO 7 (PestPatrolProcKill) ProcKill - I have quarantined this.

Device Manager

PHOTO 8 (DeviceMgr2) SjyPkt - I have disabled this in the device manager for now.
PHOTO 9 (sjypktRegistryEntries) This shows what is in the registry. Spyware Terminator kept giving me an error on a driver file extension change for this entry. Stated it was a problem. Don't know what this is.

ComboFix

Tried running the scan and log part of this. Ran for a while and then gave me an error PHOTO 10 (ComboFixRunError). It did create the txt log. I can append this post if you want to see it.

SO...........I came to see you guys! I ran through your five steps. Here’s the Panda On-line Scan and the HiJackThis log:

Thanks for your time and help,
Saber

I will send the rest of the photos in the next post.

Deckard's System Scanner v20071014.68
Run by Dana on 2007-10-29 22:43:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
6: 2007-10-30 02:43:10 UTC - RP173 - Deckard's System Scanner Restore Point
5: 2007-10-30 02:17:18 UTC - RP172 - Software Distribution Service 3.0
4: 2007-10-29 14:32:55 UTC - RP171 - ComboFix created restore point
3: 2007-10-28 14:45:44 UTC - RP170 - System Checkpoint
2: 2007-10-25 12:17:06 UTC - RP169 - System Checkpoint

-- First Restore Point --
1: 2007-10-24 11:05:26 UTC - RP168 - System Checkpoint

Performed disk cleanup.

-- HijackThis (run as Dana.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-29 22:44:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\Runservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRid.exe
G:\Program FilesDM\BillP Studios\WinPatrol\WinPatrol.exe
G:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
G:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
G:\Program FilesDM\SpywareGuard\sgmain.exe
G:\Program FilesDM\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\MY FILES\Downloads\SOFTWAREDownlds\SpywareSW\HiJackThisVer1991\DeckardSystemScannerIncHiJackOct2007\dss.exe
H:\MY FILES\Downloads\SOFTWAREDownlds\SpywareSW\HiJackThisVer1991\Dana.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Program FilesDM\NIERSOFT\3D Virtual Cube\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Program FilesDM\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program FilesDM\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [QOELOADER] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [WinPatrol] G:\Program FilesDM\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtWLan] g:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = G:\Program FilesDM\SpywareGuard\sgmain.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = G:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1190829390484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} () - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - D:\FIXPGMSDOWNLOADED\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\Runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\wdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

-- End of file - 9697 bytes

-- HijackThis Fixed Entries (H:\MYFILE~1\DOWNLO~1\SOFTWA~1\SPYWAR~1\HIJACK~1\backups\)
--------------------------------------------------------------------------------

backup-20070406-210506-187 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Program FilesDM\NIERSOFT\3D Virtual Cube\blank.htm

-- File Associations -----------------------------------------------------------

.scr - PhEdit.scr - shell\open\command - C:\Program Files\VCW VicMan's Photo Editor\vcwphoto.exe %1

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R1 magicpvt - c:\windows\system32\drivers\magicpvt.sys <Not Verified; Samsung Electronics, Inc.; MagicRotation Driver>
R1 MagicTune - c:\windows\system32\drivers\mtictwl.sys
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 NIOC (NIOC Service) - c:\windows\system32\nioc.sys <Not Verified; D-Link Corporation; NIOC (NT5) Driver>
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
S1 ewido anti-spyware 4.0 driver - d:\fixpgmsdownloaded\ewido anti-spyware 4.0\guard.sys (file missing)
S3 catchme - c:\docume~1\dana\locals~1\temp\catchme.sys (file missing)
S4 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe
R2 RetroWDSvc (Retrospect WD Service) - c:\progra~1\dantz\retros~1\wdsvc.exe <Not Verified; Dantz Development Corporation; Retrospect>
R2 WZCBDLService (WZCBDL Service) - "c:\program files\wzcbdl service\wzcbdls.exe" <Not Verified; D-Link; WZCBDLService Launcher (NT)>
S3 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe
S3 ewido anti-spyware 4.0 guard - d:\fixpgmsdownloaded\ewido anti-spyware 4.0\guard.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_0C4A8086&REV_10\4&2E98101C&0&18F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_0C4A8086&REV_10\4&2E98101C&0&18F0
Service: RTL8023xp

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SjyPkt
Device ID: ROOT\LEGACY_SJYPKT\0000
Manufacturer:
Name: SjyPkt
PNP Device ID: ROOT\LEGACY_SJYPKT\0000
Service: SjyPkt

-- Files created between 2007-09-29 and 2007-10-29 -----------------------------

2007-10-29 09:30:52 2368 --a------ C:\WINDOWS\system32\SVKP.sys <Not Verified; AntiCracking; SVKP driver for NT>
2007-10-21 19:22:25 0 d-------- C:\VundoFix Backups
2007-10-19 02:30:19 0 d-------- C:\Documents and Settings\Dana\Application Data\XnView
2007-10-19 02:08:49 0 d-------- C:\Program Files\Picasa2
2007-10-10 00:54:41 0 dr-h----- C:\Documents and Settings\Dana\Recent
2007-10-01 18:44:44 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-01 12:47:05 0 d-------- C:\Program Files\Bonjour
2007-10-01 12:37:52 0 d-------- C:\Program Files\Common Files\Macrovision Shared

-- Find3M Report ---------------------------------------------------------------

2007-10-29 22:23:53 1425 --ahs---- C:\WINDOWS\system32\mmf.sys
2007-10-29 22:23:04 32 --a------ C:\WINDOWS\system32\driver.dat
2007-10-29 11:35:42 0 d-------- C:\Program Files\WZCBDL Service
2007-10-29 11:35:25 0 d-------- C:\Program Files\PrintKey2000
2007-10-29 11:29:14 0 d-------- C:\Program Files\Common Files\aolshare
2007-10-29 09:54:15 0 d-------- C:\Program Files\XoftSpySE
2007-10-29 05:51:59 0 d-------- C:\Documents and Settings\Dana\Application Data\EasyJob Resume Builder
2007-10-19 02:08:59 0 d-------- C:\Program Files\Google
2007-10-01 19:12:59 0 d-------- C:\Documents and Settings\Dana\Application Data\Adobe
2007-10-01 18:20:25 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-01 12:37:52 0 d-------- C:\Program Files\Common Files
2007-10-01 03:33:44 0 d-------- C:\Program Files\Adobe Type Manager
2007-10-01 03:32:03 0 d-------- C:\Program Files\PhotoDeluxe BE 1.1
2007-09-28 05:24:55 0 d-------- C:\Documents and Settings\Dana\Application Data\WinWay
2007-09-27 15:27:45 0 d-------- C:\Program Files\WinWay Resume
2007-09-27 00:12:40 0 d-------- C:\Program Files\VCW VicMan's Photo Editor
2007-09-27 00:08:29 0 d-------- C:\Documents and Settings\Dana\Application Data\Image Zone Express
2007-09-25 22:37:16 68 --a------ C:\WINDOWS\E
2007-09-24 06:39:02 0 d-------- C:\Program Files\SupportSoft

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [06/18/2005 02:01 AM C:\WINDOWS\CTHELPER.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/19/2005 10:35 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/19/2005 10:32 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/19/2005 10:36 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [02/15/2005 05:10 PM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [06/16/2005 07:25 PM]
"QOELOADER"="G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe" [03/20/2007 06:49 PM]
"CaAvTray"="G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [03/20/2007 06:49 PM]
"CAVRID"="G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [03/20/2007 06:49 PM]
"WinPatrol"="G:\Program FilesDM\BillP Studios\WinPatrol\winpatrol.exe" [10/05/2005 03:23 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"RtWLan"="g:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe" [03/25/2005 10:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

C:\Documents and Settings\Dana\Start Menu\Programs\Startup\
SpywareGuard.lnk - G:\Program FilesDM\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [3/19/2007 9:19:22 PM]
WG111v2 Smart Wizard Wireless Setting.lnk - G:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [5/29/2007 8:37:16 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
"AOL Fast Start"="G:\America Online 9.0\AOL.EXE" -b
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"HostManager"=C:\Program Files\Common Files\AOL\1174402975\ee\AOLSoftware.exe
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
"EM_EXEC"=G:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
"MagicRotation"=C:\Program Files\MagicRotation\MagicPvt.exe
"HP Software Update"=G:\Program FilesDM\HP\HP Software Update\HPWuSchd2.exe
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"WD Button Manager"=WDBtnMgr.exe
"!ewido"="D:\FIXPGMSDOWNLOADED\ewido anti-spyware 4.0\ewido.exe" /minimized
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe"
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"D-Link Air USB Utility"=G:\Program FilesDM\D-Link\Air USB Utility\AirCFG.exe
"Zone Labs Client"=g:\Program FilesDM\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4991eea6-eb0a-11db-abbc-000fb5b6fe4b}]
AutoRun\command- L:\JDSecure\Windows\JDSecure20.exe

-- End of Deckard's System Scanner: finished at 2007-10-29 22:46:00 ------------

And here's the Panda Scan

| Incident | Status | Location |
|---|---|---|
| Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Dana\Desktop\ComboFix.exe[nircmd.exe] |
| Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Dana\Desktop\ComboFix.exe[nircmd.cfexe] |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Program Files\HaxFix\Process.exe |
| Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\WINDOWS\NirCmd.exe |
#2 (permalink) |
|
Registered User
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2
|
Re: Winpcap,Syjpkt,& others!
Here's the rest of the error photos.
I didn't upload PHOTO7 Pest Patrol/Prockill mentioned in previous post. Thought it was the least of the problems.

Thanks again,
Saber