Help please. system32\printer.exe not found message

Discussion in 'Security, Spyware and Viruses' started by Stupot148, Aug 15, 2007.

  1. Stupot148

    Joined:
    Aug 15, 2007
    Messages:
    8
    Likes Received:
    0
    Hi, I am running Windows XP and when I switch on I get the message `Windows cannot find C:\WINDOWS\system32\printer.exe`.
    This message started appearing after I hooked a virus (trojan horse downloader, trojan horse exploit downloader, trojan horse generic 6, as listed in my AVG free edition virus vault), after which I've done scans with AVG, Spybot Search and Destroy, AOL spyware protection and Windows Defender, removing several items.

    Also when trying to remove errors using Windows Defender, I am getting errors 0x80508026, 0x80501001 and am unable to delete, then it tells me to delete the archive they are in, which I believe means editing the registry.

    Microsoft help and support suggested that `cannot find C:\WINDOWS\system32\printer.exe` issue is due to incomplete removal of W32.KWBot.C.worm virus and suggests removing the virus completely from the registry.
    However, the registry keys they suggested deleting I could not find...is it possible these keys have already been deleted or is it me looking wrong and should I continue with the rest of their instructions? I am fairly novice at this and am wary of deleting from the registry.

    Also when I try to do certain tasks, e.g. add/remove programs, I get the message `this operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator`.

    Also I have noticed that my control panel has disappeared from the start menu.

    Otherwise everything else seems to be running ok.

    Any help with this would be much appreciated. Thanks.
     
    Stupot148, Aug 15, 2007
    #1

  2. muckshifter Captain Crunchie, Retired Moderator

    Joined:
    Mar 5, 2002
    Messages:
    22,821
    Likes Received:
    127
    Location:
    In a Hovel
    I suggest you download HijackThis and post a log file so we can take a look. :thumb:

    I also suggest you try a couple of on-line virus scanners.


    Welcome to the forums. ;)
     
    muckshifter, Aug 15, 2007
    #2

  3. Stupot148

    Hi, this attachment is my HijackThis log file. Thanks.
     

    Stupot148, Aug 16, 2007
    #3
  4. muckshifter Captain Crunchie, Retired Moderator

    ouch ...

    You do have one nastie I can see, along with a lot of unnecessary/unknown loading programs ... suggest you get HJT to fix;


    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    I call it a nastie!! ... up to you

    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    Crock of **** not on my PC ... up to you. I would uninstall

    O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr220.dll (file missing)
    Unknown application. However, it is unnecessary (deactivated) entry that can be fixed.

    Google & Yahoo Toolbars ??? better to dump Yahoo

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    Not dangerous, but unnecessary. System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences ... Realplayer ain't allowed anywhere near my PCs

    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    Hmmm, not for me ... don't like it loading up

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169237850\ee\AOLSoftware.exe
    Not dangerous, but unnecessary. Quoted from AOL Beta Team

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    Not dangerous, but unnecessary. Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE ... are you Japanese/Chinese?

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    Two of 'em loading ... see above

    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    Not dangerous, but unnecessary. InstallShield Update Service Scheduler; automatically searches for and performs any updates to the software so you’re always working with the most current version. Not required.

    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    Not dangerous, but unnecessary. InstallShield Update Service related; Automatically searches for and performs any updates to the software. Not required.

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Not dangerous, but unnecessary. QuickTime, ugh!

    O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\STUART NEWSTEAD\Application Data\findfast.exe
    I'll sit on the fence, but I would not have it loading on my PCs

    O4 - HKLM\..\Run: [LaserJet] C:\WINDOWS\system32\spoolvs.exe
    Unsure to me... but have a look Here you decide, but I would be deleting it.

    NOTE also
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    OUCH! Nastie and a half ... must be fixed

    O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
    It ain't working, is it ... shame AOHell went and dumped Kaspersky for MCrapie ... do not fix with HJT, uninstall this crap.

    O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\STUART NEWSTEAD\Application Data\findfast.exe
    Again? it's loading twice ??

    O4 - HKCU\..\Run: [LaserJet] C:\WINDOWS\system32\spoolvs.exe
    oops ... again ??

    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    Nastie. To be fixed immediately!

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    This ain't MSN ... rename msmsgs.exe to msmsgs.sav ... that will stop this bugger from running.


    Disclaimer: Modifying the registry can cause serious problems that may require you to reinstall your operating system. I cannot guarantee that problems resulting from modifications to the registry can be solved. Use the information provided at your own risk.



    Please turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer, turn System Restore back on and create a restore point.



    Good luck! You still have a Trojan or two on your system ...


     
    muckshifter, Aug 16, 2007
    #4
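The structural checks applied by eye in post #4 (an entry loading from two hives, a `(file missing)` target, the `DisableRegedit=1` policy) can be sketched as a small log triage script. This is an added example, not part of the original thread and not HijackThis's own code; the function and pattern names are hypothetical, and the sample is assembled from log lines quoted in that post.

```python
import re
from collections import defaultdict

# Sample assembled from HijackThis lines quoted in post #4 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr220.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\STUART NEWSTEAD\Application Data\findfast.exe
O4 - HKLM\..\Run: [LaserJet] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\STUART NEWSTEAD\Application Data\findfast.exe
O4 - HKCU\..\Run: [LaserJet] C:\WINDOWS\system32\spoolvs.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# "O4 - <rest>": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# "HKLM\..\Run: [name] command" (an optional SID follows the hive for HKUS).
O4_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)(?:\\(?P<sid>[^\\]+))?\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# "HKLM\...\Policies\System, DisableRegedit=1"
O7_RE = re.compile(r"^(?P<key>HK[^,]+), (?P<value>\w+)=(?P<data>\d+)$")
# Executable path at the start of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)


def triage(log_text):
    """Return (kind, section, detail) tuples for entries worth a second look."""
    findings = []
    seen = defaultdict(set)  # (value name, exe path) -> hives that load it
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, running processes, blank lines
        section, body = m.group("section"), m.group("body")
        if body.endswith("(file missing)"):
            # The registry still points at a file that is no longer on disk.
            findings.append(("file-missing", section, body))
        if section == "O4":
            a = O4_RE.match(body)
            if a:
                exe = EXE_RE.match(a.group("cmd"))
                target = (exe.group("exe") if exe else a.group("cmd")).lower()
                seen[(a.group("name"), target)].add(a.group("hive"))
        elif section == "O7":
            p = O7_RE.match(body)
            if p and p.group("data") != "0":
                # A non-zero policy value means a restriction is in force.
                detail = f'{p.group("value")}={p.group("data")}'
                findings.append(("policy-restriction", section, detail))
    for (name, target), hives in sorted(seen.items()):
        if len(hives) > 1:
            detail = f"{name} -> {target} in {'+'.join(sorted(hives))}"
            findings.append(("duplicate-autostart", "O4", detail))
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {section:3} {detail}")
```

The `WinAVX` entry, the one post #4 marks as "must be fixed", trips none of these checks: structural triage narrows the list, but recognising a known-bad name still takes a lookup.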
  5. Stupot148

    Hi, when I attempt to turn off System Restore, after I right click my computer and then click properties all I can get is "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator". Should I use HJT to fix first, before I turn off System Restore? Also, is it just a matter of ticking all of the items you listed above and clicking fix checked? I am assuming that I'm getting the above message when trying to turn off System Restore because of the bugs in the system. Sorry if I seem unsure as I am little more than a beginner.
    Thanks again.
     
    Stupot148, Aug 16, 2007
    #5
  6. muckshifter Captain Crunchie, Retired Moderator

    Yep, better see if you can get some control back with HJT fixes.


    :thumb:
     
    muckshifter, Aug 16, 2007
    #6
  7. Stupot148

    Fix checked with HJT as you suggested above, but I still have no control panel in start menu, also can't use run control to access it, and am unable to use add/remove programs. Still can't access system restore.
    Just getting the operation cancelled administrator message as stated above.
     
    Stupot148, Aug 17, 2007
    #7
  8. muckshifter Captain Crunchie, Retired Moderator

    I suggest you do this ...

    Double-click My Computer.
    Click the Tools menu, and then click Folder Options.
    Click the View tab.
    Clear "Hide file extensions for known file types."
    Under the "Hidden files" folder, select "Show hidden files and folders."
    Clear "Hide protected operating system files."
    Click Apply, and then click OK.

    Open the HijackThis Folder. Find the file HijackThis.exe, Right Click on the file and Select Rename. Rename Hijackthis.exe to Spyware.exe


    After the above: ...

    Please download ATF Cleaner by Atribune.
    http://www.atribune.org/ccount/click.php?id=1

    Double-click ATF-Cleaner.exe to run the program

    Under Main choose: Select All
    Click the Empty Selected button.

    (NOTE: If you use FireFox or the Opera browser
    To keep saved passwords, click No at the prompt.)

    It's normal after running ATF cleaner that the PC will be slower to boot the first time.


    Next ...

    Download ComboFix from HERE to your Desktop, or a folder of choice.

    Double click combofix.exe and follow the prompts.

    When finished, it shall produce a log for you, combofix.txt.

    Note: Do not move the mouse or click while it's running.
    That may cause it to stall.


    Next ...

    Reboot and "copy/paste" a combofix.txt Log and a new HijackThis log file into this thread.


    :user:
     
    muckshifter, Aug 17, 2007
    #8
  9. Stupot148

    Here is my combofix.txt log...

    ComboFix 07-08-14.4 - "STUART NEWSTEAD" 2007-08-17 18:21:10.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.123 [GMT 1:00]
    * Created a new restore point

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Redemption.ECF

    ((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))

    2007-08-17 18:20 51,200 --a------ C:\WINDOWS\nircmd.exe


    2007-08-16 21:23 d-------- C:\DOCUME~1\STUART~1\.housecall6.6



    2007-08-16 18:57 d-------- C:\Program Files\Lavasoft



    2007-08-16 18:57 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft



    2007-08-16 18:55 d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2007-08-16 18:39 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT


    2007-08-16 18:39 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver



    2007-08-16 18:39 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help



    2007-08-16 18:39 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL



    2007-08-15 18:38 d-------- C:\Program Files\Uniblue

    2007-08-13 19:39 51,206 --a------ C:\DOCUME~1\STUART~1\APPLIC~1\spoolsv.dll

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-08-15 18:38 --------- d-------- C:\DOCUME~1\STUART~1\APPLIC~1\Uniblue
    2007-07-27 17:34 --------- d-------- C:\Program Files\AOL 9.0a
    2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-14 09:55 --------- d-------- C:\Program Files\Windows Live Safety Center
    2007-07-14 09:50 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-14 09:50 --------- d-------- C:\Program Files\Google
    2007-07-14 09:47 --------- d-------- C:\DOCUME~1\STUART~1\APPLIC~1\MSNInstaller
    2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-27 15:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-06-27 15:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-27 15:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-06-27 15:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-06-27 15:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-06-27 15:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-27 15:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-06-27 15:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-06-27 15:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-27 15:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-27 15:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
    2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-27 15:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
    2007-06-27 15:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
    2007-06-27 09:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-06-27 09:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-06-27 09:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-06-27 08:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-26 07:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-19 14:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe
    2007-06-13 11:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
    2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
    2007-05-17 12:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
    2007-05-17 12:28 549376 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 12:06]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 16:13]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 C:\WINDOWS\RTHDCPL.exe]
    "PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 13:08]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-18 19:57]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-16 13:38]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 10:51]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 13:35]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Pest Cleaning"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0a\aoltray.exe [2006-12-26 16:44:14]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Broadband Assistant.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Broadband Assistant.lnk
    backup=C:\WINDOWS\pss\AOL Broadband Assistant.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    Contents of the 'Scheduled Tasks' folder
    2007-08-17 16:41:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
    2007-07-04 12:11:21 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    2007-07-04 12:10:36 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    **************************************************************************
    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-17 18:22:55
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Completion time: 2007-08-17 18:23:43
    C:\ComboFix-quarantined-files.txt ... 2007-08-17 18:23
    --- E O F ---


    And here is my new HijackThis log...


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:32:28, on 17/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\APPS\Powercinema\PCMService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Common Files\AOL\1169237850\ee\aolsoftware.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\APPS\SMP\SmpSys.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\AOL 9.0a\aoltray.exe
    c:\program files\common files\aol\1169237850\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1169237850\ee\aolsoftware.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\STUART NEWSTEAD\My Documents\Spyware.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sonic.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "cws" "2"
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    --
    End of file - 8688 bytes

    Thanks.
     
    Stupot148, Aug 17, 2007
    #9
  10. muckshifter Captain Crunchie, Retired Moderator

    Nice-n-clean ... how is the PC running now ... ?


    :user:
     
    muckshifter, Aug 17, 2007
    #10
  11. Stupot148

    PC all seems to be back to normal now thanks. Control panel has returned to start menu, I can now remove programs & the administrator error message has gone.


    Many Thanks.

    PS.. do I need to undo any changes I made to the tools\folder options\view, or should I leave as is?

    Thanks again for your help, much appreciated.
     
    Stupot148, Aug 18, 2007
    #11
  12. muckshifter Captain Crunchie, Retired Moderator

    You is welcome ... up to you if you want to change back ... tools\folder options\view ... most of us leave it as you have it now, so we can 'see' what is what and where.

    For my Sister, however, I had to re-hide ... "Show hidden files and folders." and "Hide protected operating system files." ... it was confusing to her, she could "see strange folders" in her pictures album. :D But I left extensions visible.

    You don't normally need them visible ... I leave it to you.


     
    muckshifter, Aug 18, 2007
    #12
  13. dalton

    Joined:
    Aug 18, 2007
    Messages:
    3
    Likes Received:
    0
    help please

    Hi, I have what seems to be the same problem as Stupot148 had: no control panel and the restriction error (exactly the same as his). I don't know much about computers or how to fix this, so if you could help me please I would appreciate it much.
     
    dalton, Aug 18, 2007
    #13
  14. Karianp

    Joined:
    Aug 20, 2007
    Messages:
    1
    Likes Received:
    0
    Need Help Too!!!

    HI!!!

    I've been having the same issue after getting this annoying message "Your computer is infected! Windows has deleted spyware infection!".... I've tried AVG Anti-Spyware, Adaware, Spy-bot Search and destroy.... The message stopped but now I can't see the control panel and at boot up the following message "system32\printer.exe not found" ... PLEASE HELP.... I'm attaching the log from Hijackthis.....
     

    Karianp, Aug 20, 2007
    #14
  15. yjohari

    Joined:
    Oct 29, 2007
    Messages:
    1
    Likes Received:
    0
    Control panel gone on my desktop running on Windows 2000

    Hi, I got a problem with my desktop ... My control panel is gone... Is there any way to restore back the control panel?

    Here's what I got:
    Operating System: Windows 2000
    Anti Virus Software : Symantec Antivirus ver. 10.1.6.6000


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:45:49 AM, on 10/30/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINNT\system32\CCM\CcmExec.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files\TTERMPRO\ttermpro.exe
    C:\Program Files\TTERMPRO\ttermpro.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gww.getranet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.x10.com/?Z3JpZGVtZ3B1MS5kYXQ=RND|CHARLOSWAP1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Getronics
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.asia.unity/wpad.dat
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pxysgsg001:80
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    F2 - REG:system.ini: Shell=Explorer.exe
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [UserPostInstall] C:\Winnt\system32\MIScrosoft\UserPost2k.exe
    O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINNT\system32\spool\DRIVERS\W32X86\2\fpdisp4.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINNT\web\tree.htm
    O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINNT\web\tree.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINNT\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\WINNT\System32\shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://gww.getranet.com
    O15 - Trusted Zone: *.getranet.com
    O15 - Trusted Zone: *.getronics.com
    O15 - Trusted Zone: *.getranet.com (HKLM)
    O15 - Trusted Zone: *.getronics.com (HKLM)
    O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = asia.unity
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = asia.unity
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = asia.unity,australia.unity,europe.unity,americas.unity,unity
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = asia.unity
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = asia.unity,australia.unity,europe.unity,americas.unity,unity
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = asia.unity,australia.unity,europe.unity,americas.unity,unity
    O20 - AppInit_DLLs: sulimo.dat
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O24 - Desktop Component 0: (no name) - http://www.yellowpages.com.sg/iyp/images/top01.gif

    --
    End of file - 7335 bytes
     
    yjohari, Oct 30, 2007
    #15
  16. Stupot148

    Help Jessica

    Joined:
    Nov 11, 2007
    Messages:
    2
    Likes Received:
    0
    advice for HJT fixes

    I'm having the same problem, this is my hijack log, what should I check for HJT to delete?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:27:08 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Lexmark 2300 Series\ezprint.exe
    C:\WINDOWS\system32\lxcgcoms.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\uchdylhv\eluxhdyh.dll (file missing)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
    O4 - HKLM\..\Run: [xkxkbklm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xkxkbklm.dll"
    O4 - HKLM\..\Run: [nydongng] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nydongng.dll"
    O4 - HKLM\..\Run: [gvsjghmh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gvsjghmh.dll"
    O4 - HKLM\..\Run: [ybqfwbsn] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ybqfwbsn.dll"
    O4 - HKLM\..\Run: [sfuhcpwn] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\sfuhcpwn.dll"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
    O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: .protected
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: .protected
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{82540348-12A3-4B56-B93A-49C6E0F54C45}: NameServer = 142.161.2.155 142.161.130.155
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    --
    End of file - 9565 bytes
     
    Help Jessica, Nov 11, 2007
    #16
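Added example, not part of any post in this thread: a Python triage pass over HijackThis lines like those in the log above, which flags entries for manual review and does not decide what to delete. The heuristics, the function names and the short list of system binaries are assumptions chosen for illustration; the sample lines are taken from the log in post #16.

```python
import re

# Sample input: a few lines taken from the HijackThis log in post #16.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\uchdylhv\eluxhdyh.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [xkxkbklm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\xkxkbklm.dll"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN = re.compile(r"^\S+\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Assumed reference list of Windows binaries whose names get imitated.
KNOWN_SYSTEM = {"spoolsv.exe", "svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe"}

def target(cmd):
    """Lowercased file name of the first .exe/.dll mentioned in an autorun command."""
    m = re.search(r'[^\\/"\s]+\.(?:exe|dll)', cmd, re.I)
    return m.group(0).lower() if m else ""

def triage(log, reported_missing=()):
    """Return (line, reason) pairs for entries that deserve a closer look."""
    missing = {p.lower() for p in reported_missing}
    findings = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        sec, body, reasons = m["sec"], m["body"], []
        if sec == "F2" and "shell=" in body.lower():
            # A clean value is exactly Explorer.exe; anything appended also runs at logon.
            if body.split("=", 1)[1].strip().lower() != "explorer.exe":
                reasons.append("Shell value launches more than Explorer.exe")
        elif sec == "O2" and body.endswith("(file missing)"):
            reasons.append("BHO still registered but its DLL is gone")
        elif sec == "O7" and "disableregedit=1" in body.lower():
            # May be deliberate on a managed machine; check with the administrator.
            reasons.append("DisableRegedit policy blocks Registry Editor")
        elif sec == "O4" and (r := RUN.match(body)):
            cmd, exe = r["cmd"].lower(), target(r["cmd"])
            if any(p in cmd for p in missing):
                reasons.append("autorun points at a file Windows reports as not found")
            if cmd.startswith("regsvr32") and "application data" in cmd:
                reasons.append("regsvr32 autorun on a DLL under Application Data")
            if exe not in KNOWN_SYSTEM and any(sorted(exe) == sorted(k) for k in KNOWN_SYSTEM):
                reasons.append("file name is a letter-swap of a Windows system binary")
        findings += [(raw.strip(), why) for why in reasons]
    return findings

if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG, [r"C:\WINDOWS\system32\printer.exe"]):
        print(f"REVIEW: {why}\n        {line}")
```

The `reported_missing` argument takes the path from the startup error message, so a leftover `Run` value that still references the removed file is tied directly to the symptom.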
  17. Stupot148

    muckshifter Captain Crunchie, Retired Moderator

    Joined:
    Mar 5, 2002
    Messages:
    22,821
    Likes Received:
    127
    Location:
    In a Hovel
    http://www.pcreview.co.uk/forums/thread-2678309.php


    :user:
     
    muckshifter, Nov 11, 2007
    #17