find-online problem

Discussion in 'adware, spyware & hijack cleaning' started by pytris, Jun 14, 2004.

Thread Status:
Not open for further replies.
  1. pytris

    pytris Registered Member

    Joined:
    Jun 14, 2004
    Posts:
    4
    Hi everybody,
    Please help me!!!!!
    I have a problem with find-online hijackers. I've read many articles and tried almost everything but the problem hasn't been solved yet. I've tried Ad-Aware, Spybot, CWshredder but after rebooting the page is still find-online including some new things in my favorites. And the registry remains the same after rebooting the system.

    And I can't use the system recovery tool.

    Here is the log from HijackThis.

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\Telpoc\TelPoc40.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\PROGRA~1\AVG7\avgcc.exe
    C:\PROGRA~1\AVG7\avgemc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\windll32.exe
    C:\WINDOWS\ziphelp.exe
    C:\Acrobat 5 CE\Distillr\AcroTray.exe
    C:\SONY\IMAGE TRANSFER\SonyTray.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\AVG7\avgamsvr.exe
    C:\PROGRA~1\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Wincmd\TOTALCMD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\defuser\Plocha\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find-online.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.find-online.net/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.find-online.net/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find-online.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-online.net/index.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:8080/proxyconf
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [telpocautorun] "C:\Program Files\Telpoc\TelPoc40.exe"
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\AVG7\avgregcl.exe /BOOT
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe
    O4 - HKCU\..\Run: [ziphelp] C:\WINDOWS\ziphelp.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Acrobat 5 CE\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED385529-4CCF-44CC-B0FA-8A3129C1DE0B}: NameServer = 213.46.172.36,213.46.172.37
     
  2. pytris

    pytris Registered Member

    Joined:
    Jun 14, 2004
    Posts:
    4
    hurrrrrrraaaaaaaaaaa!
    don't know how exactly but I did it!!!!!!!

    Here is the list of what I have fixed. Maybe it could be helpful for someone else.
    Thanks for all your answers to other people. It helps me a lot.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find-online.net/sp.htm

    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add

    O4 - HKCU\..\Run: [ziphelp] C:\WINDOWS\ziphelp.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-online.net/index.htm

    R3 - Default URLSearchHook is missing

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.find-online.net/index.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:8080/proxyconf

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.find-online.net/index.htm

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find-online.net/sp.htm

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    I have also deleted all the links that were added to my favourites, and deleted all TEMP directories.

    I'm very happy
     
  3. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi pytris,

    I don't think you're out of the woods just yet.

    You've removed Spybot Search&Destroy's SDHelper.dll in your fix above.

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    See if you can restore it from the backups in Hijackthis. Open Hijackthis and in the lower right corner click on the "Config....." button. Then click on the "Backups" button. Find the one for SDHelper.dll and click on it to choose, then click the "Restore" button.

    Then rescan with Hijackthis and place a check beside the following items.
    Make sure all windows are closed except Hijackthis, and click *Fix checked:

    O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe

    ***
    I am not finding much on this one. If you don't recognize it, then include it to be fixed also. Then navigate to the file and upload it to Kaspersky

    O4 - HKLM\..\Run: [telpocautorun] "C:\Program Files\Telpoc\TelPoc40.exe"

    Make sure you have the latest version of CWShredder. You can download it from this link: https://www.wilderssecurity.com/showthread.php?t=14086
    Then run the program by pressing the *Fix* button (not just the scan button). Follow the instructions as prompted. Then reboot your computer once CWShredder is finished.

    Next, do a full system scan using one of these on-line scanners: Free Services

    Post a new log here in this thread to be checked.

    Regards,

    snap

    reference: windll32.exe - http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.l.html
     
  4. pytris

    pytris Registered Member

    Joined:
    Jun 14, 2004
    Posts:
    4
    Hi snapdragin,
    I haven't checked the forum for the last 14 days (have been to Portugal). My apologies.
    I don't have problems so far with hijacking of my homepage.
    Spybot can't be restored but I have reinstalled this appl. once more.
    I can recognize telpoc - that's not a problem.
    I have done all you have recommended. There are some new (not known to me) things in the log like:
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKCU\..\Run: [Snws] C:\Documents and Settings\defuser\Data aplikací\attc.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_EN_XP.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

    Here is the complete HIJACKTHIS log after Panda Active scan:

    Logfile of HijackThis v1.97.7
    Scan saved at 0:01:10, on 29.6.2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\PROGRA~1\AVG7\avgcc.exe
    C:\PROGRA~1\AVG7\avgemc.exe
    C:\Program Files\VVSN\VVSN.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\System Mechanic 4\PopupStopper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\defuser\Data aplikací\attc.exe
    C:\WINDOWS\System32\NDrv.exe
    C:\Acrobat 5 CE\Distillr\AcroTray.exe
    C:\SONY\IMAGE TRANSFER\SonyTray.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\AVG7\avgamsvr.exe
    C:\PROGRA~1\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Wincmd\TOTALCMD.EXE
    c:\Program Files\HIJACKTHIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - c:\PROGRA~1\SPYBOT\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\AVG7\avgregcl.exe /BOOT
    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [iolo System Mechanic Utility Bar] "C:\Program Files\System Mechanic 4\SMUtilityBar.exe"
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\System Mechanic 4\PopupStopper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Snws] C:\Documents and Settings\defuser\Data aplikací\attc.exe
    O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Acrobat 5 CE\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_EN_XP.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED385529-4CCF-44CC-B0FA-8A3129C1DE0B}: NameServer = 213.46.172.36,213.46.172.37


    And if you are interested, here is the Panda Active scan Report


    Incident Status Location

    Virus:W32/Lovgate.gen Disinfected C:\PETR\Osobní\NET\upload\Instalacni disky\AVG 7_0\Old\Removers\rmlovgte.exe
    Virus:Trj/Axacept.A Disinfected C:\RECYCLER\S-1-5-21-746137067-1993962763-1343024091-1003\Dc10.exe
    Virus:Trj/StartPage.EH Disinfected C:\WINDOWS\hosts
    Virus:Trj/StartPage.EH Disinfected C:\WINDOWS\system.exe
    Virus:Bck/Webber.L Disinfected C:\WINDOWS\system32\Djojbj32.dll
    Virus:Bck/Webber.M Disinfected C:\WINDOWS\system32\Ojpbln32.exe
    Virus:Trj/Downlaoder.GO Disinfected C:\WINDOWS\system32\windll32.exe

    Is it solved or do I have to fix something more (I guess yes)?

    Thnx in Advance
    Pytris
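
An added example, not part of the original posts: comparing the entry lines of two HijackThis logs to list what appeared or disappeared between scans, the check that is otherwise done by eye when a second log is posted. The function names are illustrative, and the two embedded samples are a few lines excerpted from the first and second logs in this thread.

```python
import re

# Constructed samples: a few lines excerpted from the first and second logs
# in this thread (process lines are included to show they are ignored).
OLD_LOG = r"""
C:\WINDOWS\System32\windll32.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe
O4 - HKCU\..\Run: [ziphelp] C:\WINDOWS\ziphelp.exe
"""
NEW_LOG = r"""
Running processes:
C:\WINDOWS\System32\NDrv.exe
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
"""

# An entry line is "<section> - <detail>". R0-R3 are Internet Explorer
# start/search page values, O2 Browser Helper Objects, O4 autostart entries.
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
# O4 registry autoruns: "HKCU\..\Run: [value name] command line"
O4_RUN = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.+?)\] (.+)$")


def parse_entries(log_text):
    """Return the set of (section, detail) pairs in a HijackThis log.

    Header lines and the running-process list do not match and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed) entries between two scans, sorted lexically."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    return sorted(new - old), sorted(old - new)


def new_autoruns(old_text, new_text):
    """(registry key, value name, command) for O4 Run entries only in the new log."""
    added, _ = diff_logs(old_text, new_text)
    result = []
    for section, detail in added:
        m = O4_RUN.match(detail) if section == "O4" else None
        if m:
            result.append(m.groups())
    return result


if __name__ == "__main__":
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    for section, detail in added:
        print("+", section, "-", detail)
    for section, detail in removed:
        print("-", section, "-", detail)
```

The comparison is on exact text, so an entry whose path changed between scans shows up once as removed and once as added.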
     
  5. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Pytris,

    Good work! Looks like the Panda scan caught the nasty ones and removed them. :)

    There are a few more left that still need to go.

    Please re-scan with Hijackthis and place a check beside the following items.
    Close ALL browsers and any other open windows (except HijackThis) and click *Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll (file missing)


    O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
    O4 - HKCU\..\Run: [Snws] C:\Documents and Settings\defuser\Data aplikací\attc.exe
    O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe

    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

    Then boot your computer into safe mode by tapping the F8 key just before windows begins to load.

    Find and delete the following listed in bold:
    C:\Program Files\VVSN <--the folder
    C:\WINDOWS\System32\NDrv.exe <--the file
    C:\Documents and Settings\defuser\Data aplikací\attc.exe <--the file

    In case the above files are hidden, make sure you have all files and folders viewable.
    For instructions on how to do that. Click Here


    (Fixing these does not delete the program but just stops them from starting up when you turn your computer on. They are optional to fix but usually recommended since they do take up valuable resources at startup.)
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    Quoted from Pac's Startup List: "nwiz - Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system".


    Use the Disk cleanup Utility to clean out your Temp folders. Disk Cleanup Utility

    Reboot your computer normally.

    ****

    Then turn off your System Restore and reboot your computer again to clear out the old restore points. This will remove any infected files that would have been backed up in there: System Restore Instructions for XP. Remember to re-enable System Restore after a reboot, and set a new Restore Point.

    Then before you go anywhere else on the internet, go first to Microsoft's Update Site and download and install ALL the Critical Updates listed for XP and IE6 installed. You are seriously behind in your updates and patches and at great risk of reinfection.

    Here are some steps to follow to help tighten your security and help prevent future infection:
    Why did I get infected in the first place?

    Once the above is done, rescan with Hijackthis and post a new log (in this thread) so we can check it.

    Regards,

    snap
     
  6. pytris

    pytris Registered Member

    Joined:
    Jun 14, 2004
    Posts:
    4
    Hi snap,
    All steps done. I haven't fixed the nwiz.exe.
    and here is the Hijackthis log (looks muuuuuuuuch better).

    Logfile of HijackThis v1.97.7
    Scan saved at 16:02:32, on 30.6.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\PROGRA~1\AVG7\avgcc.exe
    C:\PROGRA~1\AVG7\avgemc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\System Mechanic 4\PopupStopper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Acrobat 5 CE\Distillr\AcroTray.exe
    C:\SONY\IMAGE TRANSFER\SonyTray.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\AVG7\avgamsvr.exe
    C:\PROGRA~1\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\msiexec.exe
    c:\Program Files\HIJACKTHIS\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - c:\PROGRA~1\SPYBOT\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\AVG7\avgregcl.exe /BOOT
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [iolo System Mechanic Utility Bar] "C:\Program Files\System Mechanic 4\SMUtilityBar.exe"
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\System Mechanic 4\PopupStopper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Acrobat 5 CE\Distillr\AcroTray.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_EN_XP.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED385529-4CCF-44CC-B0FA-8A3129C1DE0B}: NameServer = 213.46.172.36,213.46.172.37

    thanks a lot. I'm learning and learning and learning........ ;)
    Petr
     
  7. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Petr,

    Oh yes, looks muuuuuch better! Your log is clean. :D

    Very glad to see you've updated the Critical Updates and Service Pack. Please remember to turn off your System Restore, reboot to clear it, then turn it back on again.

    I am not seeing a firewall running, so you might want to look into getting a software firewall so you'll have better control over what connects to the internet. You can find a list of the recommended ones here: http://www.wilders.org/firewalls.htm as well as looking through our forum and getting members' suggestions.

    Best regards,

    snap
     