"attempt to change IE settings" on startup

Discussion in 'Virus & Other Malware Removal' started by fourpointer, Nov 12, 2007.

Thread Status:
Not open for further replies.
    fourpointer (Thread Starter; joined Nov 12, 2007; messages: 1)

    Hey, all!

    I have a question about a warning I keep getting. Every time I start up my computer, I get a warning from SpywareGuard browser protection saying "an attempt to change IE settings has been detected!" and that something is trying to change my IE search bar, home page, local page, etc. Also, Panda AV is detecting an attempt to change my registry settings for Internet Explorer. (I use IE7, Windows XP SP2)

    I ran HJT, and here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:31:23 PM, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
    C:\WINNT\system32\mgabg.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\eSnips\ClientGW.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\ApvxdWin.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\avciman.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = c13-sbs:8080
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
    O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/043676b3356bf6da9619/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175703330156
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = knox13.com
    O17 - HKLM\Software\..\Telephony: DomainName = knox13.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = knox13.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = knox13.com
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.EXE
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

    I ran Combofix. Here's that log:

    ComboFix 07-11-08.1 - Wayne 2007-11-12 19:04:53.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.301 [GMT -5:00]
    Running from: C:\Documents and Settings\Wayne\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINNT\dravic.exe
    C:\WINNT\xlavba6.exe
    F:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_RUNTIME
    -------\LEGACY_SYMAVC32


    ((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
    .

    2007-11-12 19:12 15,920 --a------ C:\WINNT\system32\pfdnnt.exe
    2007-11-12 19:02 51,200 --a------ C:\WINNT\NirCmd.exe
    2007-11-07 07:45 <DIR> d-------- C:\Program Files\DivX
    2007-10-31 15:57 <DIR> d-------- C:\Documents and Settings\Wayne\Application Data\Grisoft
    2007-10-31 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-31 15:56 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
    2007-10-29 11:20 3,352 --a------ C:\WINNT\system32\tmp.reg
    2007-10-29 07:39 <DIR> d-------- C:\WINNT\ERUNT
    2007-10-29 07:15 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-10-27 11:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-10-27 11:14 <DIR> d-------- C:\Documents and Settings\Wayne\Application Data\SUPERAntiSpyware.com
    2007-10-27 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-19 19:56 1,044,480 --a------ C:\WINNT\system32\libdivx.dll
    2007-10-19 19:56 200,704 --a------ C:\WINNT\system32\ssldivx.dll
    2007-10-19 16:05 <DIR> d-------- C:\Program Files\Opera
    2007-10-19 16:01 <DIR> d-------- C:\Program Files\Netscape
    2007-10-19 16:01 <DIR> d-------- C:\Documents and Settings\Wayne\Application Data\Netscape
    2007-10-19 07:15 138 --a------ C:\WINNT\drkara.exe
    2007-10-16 13:50 <DIR> d-------- C:\Program Files\GuitarPower
    2007-10-16 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-15 12:21 0 --a------ C:\WINNT\mozver.dat
    2007-10-15 09:11 <DIR> d-------- C:\Program Files\SpywareGuard

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-13 00:12 1,244 ----a-w C:\WINNT\system32\drivers\APPFLTR.CFG.bck
    2007-11-13 00:12 1,244 ----a-w C:\WINNT\system32\drivers\APPFLTR.CFG
    2007-11-13 00:08 330,836 ----a-w C:\WINNT\system32\drivers\APPFCONT.DAT.bck
    2007-11-13 00:08 330,836 ----a-w C:\WINNT\system32\drivers\APPFCONT.DAT
    2007-11-12 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-08 17:52 --------- d-----w C:\Program Files\RegScrubXP
    2007-11-06 19:36 --------- d-----w C:\Program Files\e-sword
    2007-10-30 17:30 --------- d-----w C:\Program Files\Google
    2007-10-30 17:30 --------- d-----w C:\Program Files\eSnips
    2007-10-27 16:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-23 20:18 --------- d-----w C:\Program Files\SpywareBlaster
    2007-10-12 11:41 --------- d-----w C:\Program Files\InterMute
    2007-10-10 22:09 --------- d--h--w C:\Documents and Settings\Wayne\Application Data\Move Networks
    2007-10-01 19:52 --------- d-----w C:\Program Files\QuickTime
    2007-09-29 17:35 --------- d-----w C:\Program Files\Ring Factory
    2007-09-25 17:54 --------- d-----w C:\Program Files\RegistryFix
    2007-09-25 16:54 --------- d-----w C:\Program Files\STEP
    2007-09-19 16:21 156,028 ----a-w C:\libmp3lame-win-3.97.zip
    2007-09-17 21:40 --------- d-----w C:\Program Files\WAV to MP3 Encoder
    2007-09-17 18:22 --------- d-----w C:\Program Files\Audacity
    2007-09-10 22:24 68,479 ----a-w C:\Documents and Settings\Wayne\cc_20070910_1823.reg
    2007-03-17 19:12 303,104 ----a-w C:\Documents and Settings\libmp3lame-3.97\lame_enc.dll
    2004-05-09 01:19 271 --sh--w C:\Program Files\desktop.ini
    2004-05-09 01:19 21,952 -c-ha-w C:\Program Files\folder.htt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-02-27 17:01]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-02-27 17:02]
    "HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 C:\WINNT\KHALMNPR.Exe]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 07:57]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 17:55]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 00:48]
    "Matrox PowerDesk SE"="c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2007-04-04 08:48]
    "eSnips"="C:\Program Files\eSnips\ClientGW.exe" [2007-01-04 15:24]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-10 16:38]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2006-02-28 07:00]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

    C:\Documents and Settings\Wayne\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 18:05:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    avldr.dll 2007-02-15 18:02 50736 C:\WINNT\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=C:\WINNT\pss\Acrobat Assistant.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINNT\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=C:\WINNT\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJTWAIN Setup]
    "C:\WINNT\Twain_32\fjscan32\FjtwSetup.exe" /Station

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetinfomon manager]
    c:\winnt\inetinfomon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    KHALMNPR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
    C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StdAFX]
    C:\WINNT\system32\stdafx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    "mobsync.exe" /logon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    "C:\Program Files\Unlocker\UnlockerAssistant.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    C:\PROGRA~1\SYMANT~2\VPTray.exe

    R1 APPFLT;App Filter Plugin;\??\C:\WINNT\system32\Drivers\APPFLT.SYS
    R1 DSAFLT;DSA Filter Plugin;\??\C:\WINNT\system32\Drivers\DSAFLT.SYS
    R1 FNETMON;NetMon Filter Plugin;\??\C:\WINNT\system32\Drivers\fnetmon.SYS
    R1 IDSFLT;Ids Filter Plugin;\??\C:\WINNT\system32\Drivers\IDSFLT.SYS
    R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINNT\system32\Drivers\NETFLTDI.SYS
    R1 pivot;pivot;C:\WINNT\system32\drivers\pivot.sys
    R1 ShldDrv;Panda File Shield Driver;\??\C:\WINNT\system32\DRIVERS\ShlDrv51.sys
    R1 SMSFLT;SMS Filter Plugin;\??\C:\WINNT\system32\Drivers\SMSFLT.SYS
    R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINNT\system32\Drivers\WNMFLT.SYS
    R2 cpoint;Panda CPoint Driver;C:\WINNT\system32\Drivers\cpoint.sys
    R2 Matrox Centering Service;Matrox Centering Service;"c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe"
    R2 PavProc;Panda Process Protection Driver;\??\C:\WINNT\system32\DRIVERS\PavProc.sys
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINNT\system32\DRIVERS\fetnd5bv.sys
    R3 G400DH;G400DH;C:\WINNT\system32\DRIVERS\g400dhm.sys
    R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINNT\system32\DRIVERS\netimflt.sys
    S3 AvFlt;Antivirus Filter Driver;C:\WINNT\system32\drivers\av5flt.sys
    S3 PavSRK.sys;PavSRK.sys;\??\C:\WINNT\system32\PavSRK.sys
    S3 PavTPK.sys;PavTPK.sys;\??\C:\WINNT\system32\PavTPK.sys
    S3 pivotmou;Pivot Mouse/Pointers Filter Driver;\??\C:\WINNT\system32\drivers\pivotmou.sys
    S3 scsiscan;SCSI Scanner Driver;C:\WINNT\system32\DRIVERS\scsiscan.sys
    S3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
    S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-12 01:08:29 C:\WINNT\Tasks\User_Feed_Synchronization-{319BFAD4-5FA9-4388-9BD9-688EB0D66189}.job"
    - C:\WINNT\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 19:12:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-12 19:17:08 - machine was rebooted
    .
    --- E O F ---

    --------------------------------------

    I don't have any problems running IE, just these messages on startup. Any suggestions? :confused:
     
Short URL to this thread: https://techguy.org/651132
