TennisGeek

  1. I figured it out. The igfxcpl.cpl applet did not work properly. I figured out what it is, then deleted it. I also deleted igfxtray.? (I don't remember what file type it was). The control panel works fine now. Thanks for the help.
  2. Here they are:

      Volume in drive C is DRV2_VOL1
      Volume Serial Number is 9C60-7597

      Directory of C:\WINDOWS\SYSTEM32

      04/14/2008 05:42 AM 68,608 access.cpl
      04/14/2008 05:42 AM 549,888 appwiz.cpl
      05/08/2003 08:25 PM 815,104 B57exp.cpl
      06/03/2003 11:38 AM 94,208 BCMSM.CPL
      05/11/2001 01:00 AM 183,808 bdeadmin.cpl
      04/14/2008 04:42 AM 110,592 bthprops.cpl
      04/14/2008 05:42 AM 135,168 desk.cpl
      04/14/2008 04:42 AM 80,896 firewall.cpl
      04/14/2008 05:42 AM 155,136 hdwwiz.cpl
      02/10/2004 10:53 AM 94,208 igfxcpl.cpl
      04/14/2008 05:42 AM 360,960 inetcpl.cpl
      04/14/2008 05:42 AM 129,536 intl.cpl
      04/14/2008 05:42 AM 380,416 irprops.cpl
      12/04/2008 08:33 PM 73,728 javacpl.cpl
      04/14/2008 05:42 AM 68,608 joy.cpl
      07/16/2003 11:26 AM 187,904 main.cpl
      04/14/2008 05:42 AM 618,496 mmsys.cpl
      07/16/2003 11:31 AM 35,840 ncpa.cpl
      04/14/2008 04:42 AM 25,600 netsetup.cpl
      04/14/2008 05:42 AM 257,024 nusrmgr.cpl
      07/16/2003 11:34 AM 36,864 nwc.cpl
      04/14/2008 05:42 AM 32,768 odbccp32.cpl
      06/12/2000 05:09 AM 454,718 plotman.cpl
      04/14/2008 05:42 AM 114,688 powercfg.cpl
      06/12/2000 05:09 AM 454,719 styleman.cpl
      04/14/2008 05:42 AM 300,544 sysdm.cpl
      07/16/2003 11:41 AM 28,160 telephon.cpl
      04/14/2008 05:42 AM 94,208 timedate.cpl
      04/14/2008 04:42 AM 148,480 wscui.cpl
      03/12/2004 02:53 PM 45,056 wtcpl.cpl
      04/14/2008 05:42 AM 162,304 wuaucpl.cpl
      31 File(s) 6,298,237 bytes
      0 Dir(s) 18,111,320,064 bytes free
  3. Have you had a chance to look at this? Thanks.
  4. It says: Faulting application explorer.exe, version 6.0.2900.5512, faulting module shell32.dll, version 6.0.2900.5512, fault address 0x0002aa60. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  5. Here are the results of the Panda scan: [...] and finally, the HJT scan: [...]
  6. I posted this in the PC Help section, and sho-dan asked me to post the problem here. I used MBAM to clean a virus off my computer 4 months ago. Since then, the control panel won't start: it gives me an error that "Windows Explorer has encountered a problem and needs to close." I've searched the internet, and can't find a solution for this. I've done two repair installations of the OS, but it does not fix this problem. I can run the individual applets by using Start->Run->control name.cpl, so the applets are there and work, but the normal control panel access does not work. Another symptom is that the computer does not always shut down properly. I've shut it down at night, and walked away assuming that it would turn off only to find in the morning that it was still on. The PC is running XP with SP3 installed. I deleted the MBAM logs from the summer, so I can't tell you what it found. I have AVG Free running along with the Online Armor firewall. Thanks for your help! I'll post the rest of the logs after the Panda scan is finished.
  7. I used MBAM to clean a virus off my computer 4 months ago. Since then, the control panel won't start: it gives me an error that "Windows Explorer has encountered a problem and needs to close." I've searched the internet, and can't find a solution for this. I've done two repair installations of the OS, but it does not fix this problem. I can run the individual applets by using Start->Run->control name.cpl, so the applets are there and work, but the normal control panel access does not work. Another symptom is that the computer does not always shut down properly. I've shut it down at night, and walked away assuming that it would turn off only to find in the morning that it was still on. The PC is running XP with SP3 installed. I deleted the MBAM logs from the summer, so I can't tell you what it found. I have AVG Free running along with the Online Armor firewall. Thanks for your help!
  8. Here they are. As you can see, it didn't find anything, but those files have already been cleaned out by either me or AVG.
  9. Hopefully I got this right this time. Here's the link: TrojanSendingSpam.rar Thanks again for all of your help!
  10. Sorry, I've been busy. The computer is running fine now, so I think it's cured. There is no longer the large number of ports being opened, and the computer has been online for a significant time with no calls from the ISP regarding rogue emails. I would like to get the files that we discussed to you for whatever help it might be in developing MBAM. If you would like them, let me know and I'll try the rapidshare route again. Otherwise, you can just go and close this thread. Thanks for your help!!!
  11. Sorry, it didn't work out the way I thought it would. Now I'm at work, and I can't go to rapidshare.com because it's blocked. If you want to log in to my account, the user name is TennisGeek, and the password is infected. The only file that should be in there is TrojanSendingSpam.rar. When I see that you've gotten the file, I'll change the password and delete the file from there. If you can't do this, I'll have to get the link at home tonight. Do I just copy and paste what's in the address bar on the browser to get the link? Last night I was connected to the internet for about an hour on this computer. I checked for the usual ports that get opened, and the list was as short as it is on my other, non-infected computers. I also haven't gotten the AVG pop-up warning of the trojan generic11... file. Was it possible someone was connecting to the computer, uploading the trojan, then using it? Then simply adding the firewall blocked all of this, and now the problem may be solved? Thanks.
  12. Ok, I got them up to rapidshare. The acct. name is tennisgeek, and the password is infected. I included the two zipped files into a single file (TrojanSendingSpam.rar) that has the password "infected" on the archive, as well (I wasn't sure how you wanted this done). The gmerfilecopy.zip file is the one with the file that AVG found. The system32files.zip archive contains the suspicious files that I found. Thanks.
  13. I'm still limited to 50k and can't upload the files. Any ideas?
  14. It's not letting me upload the zipped .dll file. I'll try again tomorrow.
  15. I was not able to find these files. I've attached C:\Windows\System32\thtcrsfd.dll file. I've attached what files I can fit in the 500k upload (the .ini files). I'll try to get them to you tomorrow night. I also found this file in the \drivers folder: ethzbtwk.sys system32.zip ethzbtwk.sys.zip