Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Member coconuts's Avatar
    Join Date
    Jan 2005
    Posts
    35
    Points
    0

    Default Annoying virsus - Logfile of HijackThis included

    I'm having a problem with a virsus thats giving me two problems
    1) Everytime I open either Mozilla or IE internet browsers a second window opens also which is annoying. This is the site thats opens
    http://www.amaena.com/securityworm5/?aid=mwav1&lid=h6

    2) I can't turn on my windows firewall, when I press "Enable" I get a message that it cannot turn it on. It was always on before but this virsus must have turned it off.

    I've followed all the steps in the tutorial and although I found lots of trojans etc I'm still having the same problems.

    This is the log from HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 23:32:36, on 11/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...c02&lc=0809&ac
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/r...search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/...c02&lc=0809&ac
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122905887981
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\j62qlgf5162.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Please down load this program:

    http://www.atribune.org/content/view/28/

    Please download Look2Me-Destroyer.exe to your desktop.

    Close all windows before continuing.

    Double-click Look2Me-Destroyer.exe to run it.

    Put a check next to Run this program as a task.

    You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK

    When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.

    Once it's done scanning, click the Remove L2M button.

    You will receive a Done Scanning message, click OK.

    When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    Your computer will then shutdown.

    Turn your computer back on.

    Please post the contents of Look2Me-Destroyer.txt and a new HiJackThis log.

    BG

  3. #3
    Member coconuts's Avatar
    Join Date
    Jan 2005
    Posts
    35
    Points
    0

    Default

    I ran look2me-destroyer and these are the results

    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 12/04/2006 10:45:06

    Infected! C:\WINDOWS\system32\j62qlgf5162.dll
    Infected! C:\System Volume Information\_restore{77BD54D2-7CCA-4CAA-8C8E-7D47D8611E73}\RP325\A0054477.dll
    Infected! C:\System Volume Information\_restore{77BD54D2-7CCA-4CAA-8C8E-7D47D8611E73}\RP325\A0054479.dll
    Infected! C:\System Volume Information\_restore{77BD54D2-7CCA-4CAA-8C8E-7D47D8611E73}\RP327\A0054548.dll
    Infected! C:\WINDOWS\system32\e6202gfmg62a2.dll
    Infected! C:\WINDOWS\system32\j62qlgf5162.dll
    Infected! C:\WINDOWS\system32\q6nulg5916.dll

    Attempting to delete infected files...

    Attempting to delete: C:\WINDOWS\system32\j62qlgf5162.dll
    C:\WINDOWS\system32\j62qlgf5162.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{77BD54D2-7CCA-4CAA-8C8E-7D47D8611E73}\RP325\A0054477.dll
    C:\System Volume Information\_restore{77BD54D2-7CCA-4CAA-8C8E-7D47D8611E73}\RP325\A0054477.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{77BD54D2-7CCA-4CAA-8C8E-7D47D8611E73}\RP325\A0054479.dll
    C:\System Volume Information\_restore{77BD54D2-7CCA-4CAA-8C8E-7D47D8611E73}\RP325\A0054479.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{77BD54D2-7CCA-4CAA-8C8E-7D47D8611E73}\RP327\A0054548.dll
    C:\System Volume Information\_restore{77BD54D2-7CCA-4CAA-8C8E-7D47D8611E73}\RP327\A0054548.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\e6202gfmg62a2.dll
    C:\WINDOWS\system32\e6202gfmg62a2.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\j62qlgf5162.dll
    C:\WINDOWS\system32\j62qlgf5162.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\q6nulg5916.dll
    C:\WINDOWS\system32\q6nulg5916.dll Deleted successfully!

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1A773A6D-C657-444B-9FA2-352CB4AC37E3}"
    HKCR\Clsid\{1A773A6D-C657-444B-9FA2-352CB4AC37E3}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5FCF109F-9FA5-404A-881C-C24A034624A8}"
    HKCR\Clsid\{5FCF109F-9FA5-404A-881C-C24A034624A8}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{24B25087-EC9F-4CE1-B2CC-E727D549C30C}"
    HKCR\Clsid\{24B25087-EC9F-4CE1-B2CC-E727D549C30C}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{46488E54-6C39-478D-A119-052C18CD2CAE}"
    HKCR\Clsid\{46488E54-6C39-478D-A119-052C18CD2CAE}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5528B147-040A-40F6-A0B6-341C6667B789}"
    HKCR\Clsid\{5528B147-040A-40F6-A0B6-341C6667B789}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C604854D-D96D-4A7F-96F5-A243F5D4D628}"
    HKCR\Clsid\{C604854D-D96D-4A7F-96F5-A243F5D4D628}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{78CE2A46-E37E-4EBE-9D04-A26946DFCC84}"
    HKCR\Clsid\{78CE2A46-E37E-4EBE-9D04-A26946DFCC84}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E0372523-BBE4-4137-9385-B766ECE33370}"
    HKCR\Clsid\{E0372523-BBE4-4137-9385-B766ECE33370}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E1CEB1A-B36D-497F-9651-68A9CC77B58A}"
    HKCR\Clsid\{5E1CEB1A-B36D-497F-9651-68A9CC77B58A}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FA963F20-05B1-4414-96C4-D63B376666BA}"
    HKCR\Clsid\{FA963F20-05B1-4414-96C4-D63B376666BA}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E29A96FE-97E3-431D-85CC-02E23F89B34A}"
    HKCR\Clsid\{E29A96FE-97E3-431D-85CC-02E23F89B34A}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AF7B9566-D148-4665-ABF0-7A19542995DB}"
    HKCR\Clsid\{AF7B9566-D148-4665-ABF0-7A19542995DB}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E78F548D-A56E-46E1-B751-491083988B0F}"
    HKCR\Clsid\{E78F548D-A56E-46E1-B751-491083988B0F}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{086FDCF5-4D30-4B86-B9B5-8C66C6CA6AAF}"
    HKCR\Clsid\{086FDCF5-4D30-4B86-B9B5-8C66C6CA6AAF}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded

  4. #4
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Need to see another HJT log.

    BG

  5. #5
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI

    If you are running a third party firewall like zonealarm then you should disable the windows firewall...

    You are running a third party firewall....

    O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe

    However this firewall is not recommended...

    Armor2net personal firewall (possibly contains or is related to an anti-spyware product known as ArmorWall, which is considered a rogue anti-spyware app. here - http://www.spywarewarrior.com/rogue_anti-spyware.htm )

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  6. #6
    Member coconuts's Avatar
    Join Date
    Jan 2005
    Posts
    35
    Points
    0

    Default

    Here is my latest HJT log. I only installed Armor2net Personal Firewall because I couldn't turn on my windows firewall and I still can't. I can however surf the net now without new windows opening the whole time thanks to look2me-destroyer. Any ideas on the firewall?

    Logfile of HijackThis v1.99.1
    Scan saved at 23:37:54, on 12/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Compaq\EAB\EabServr.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...c02&lc=0809&ac
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/r...search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...search&ap=b204
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/...c02&lc=0809&ac
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122905887981
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

  7. #7
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Do you get an error message when trying to turn on the windows firewall ?

    If yes... can you post it please exactly

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  8. #8
    Member coconuts's Avatar
    Join Date
    Jan 2005
    Posts
    35
    Points
    0

    Default

    This is the error message I keep getting


  9. #9
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    1. Download this reg file (to your desltop) :-

    http://windowsxp.mvps.org/reg/sharedaccess.reg

    2. Double-click the sharedaccess.reg file to merge the contents to the registry.

    3. Restart Windows - you must do this now, or the rest of these instructions will not work...

    4. Go to > start > run > type cmd > OK ... a command prompt will open ...

    5. type NETSH FIREWALL RESET & press enter

    6. Close the cmd prompt

    7. Go to Control Panel, and check your Windows Firewall settings again

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  10. #10
    Member coconuts's Avatar
    Join Date
    Jan 2005
    Posts
    35
    Points
    0

    Default

    Thanks a million Steam alls working fine now. Thanks also to Basementgeek for your help.

Page 1 of 2 12 LastLast