Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Suspected viruses, sluggish & erratic behaviour!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby Katana » February 22nd, 2008, 6:37 pm

That's all looking good now :)
That "brief" log is fine :lol:

You mentioned that Kaspersky gave you some warnings, did you find out what they were ?

Find Uninstall Command
  • Open Hijack This
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Highlight Logitech® Camera Driver
  • Copy the contents of the box marked Uninstall Command
  • Paste the contents in your reply

MSConfig Look
Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is unchecked.

@echo off
regedit /a /e %systemdrive%\regkey.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"
notepad %systemdrive%\regkey.txt
del /q %systemdrive%\regkey.txt
del /q mslook.bat
exit

Save it to your Desktop as mslook.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name: mslook.bat

Locate mslook.bat on your Desktop and double-click it. When notepad opens, copy/paste the content in your reply. When you close Notepad the CMD window will close automatically and the text file will be deleted.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Advertisement
Register to Remove

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby DO498 » February 23rd, 2008, 5:52 am

Hi ya, Thanks for confirming good progress, very encouraging!

I think Kaspersky found the following:

"not found: virus Heur.Invader (modification) File: c:\documents and settings\david\desktop\combofix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe//PE_Patch.UPX"

Since it raised the alarm just after I loaded Combifix - my fault I think coz I hadn't switched off Protection prior to playing with Combifix! :( Just out of interest have you picked up any/many infections/issues and the like?

This is not strictly related and I don't know if this is / should be a separate malware forum topic, but the fans on this laptop are running constantly when the machine is active, seems odd to me - could this be coz of the addtional (512) memory I implanted a while back?

Here's the Camera uninstall command, setup.exe does exist as noted here...

"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

And finally (!) here's the mslook.bat log file:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\DSLMON.lnk"
"backup"="C:\\WINDOWS\\pss\\DSLMON.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SAGEM\\TALKTA~1\\dslmon.exe "
"item"="DSLMON"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Exif Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FINEPI~1\\QuickDCF.exe "
"item"="Exif Launcher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\combofix]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Combobatch"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\kmd.exe /c C:\\ComboFix\\Combobatch.bat"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iKeyWorks]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ikeymain"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\A4Tech\\Keyboard\\Ikeymain.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OpwareSE2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OpwareSE2"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerBar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PowerBar"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­ú"ü‰üžiC:]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­ú"ü‰üžiC:\Program Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­ú"ü‰üžiC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tkliwfkt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\tkliwfkt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000002

--------------- oOo ---------------

Cheers, D
DO498
Regular Member
 
Posts: 36
Joined: August 28th, 2007, 5:29 pm
Location: Dorset

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby Katana » February 23rd, 2008, 7:24 am

Just out of interest have you picked up any/many infections/issues and the like?

Do you mean on my machine ?
the fans on this laptop are running constantly when the machine is active, seems odd to me - could this be coz of the addtional (512) memory I implanted a while back?

Not got a clue :)



OK, lets see if we can narrow that registry entry down a bit, and see if the Setup file actually exists

MSConfig Look
Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is unchecked.

@echo off
regedit /e %systemdrive%\regkey.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
dir /a /s "C:\Program Files\Common Files\Logitech\QCDRV\BIN" >> %systemdrive%\regkey.txt
notepad %systemdrive%\regkey.txt
del /q %systemdrive%\regkey.txt
del /q mslook.bat
exit

Save it to your Desktop as mslook.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name: mslook.bat

Locate mslook.bat on your Desktop and double-click it. When notepad opens, copy/paste the content in your reply. When you close Notepad the CMD window will close automatically and the text file will be deleted.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby DO498 » February 23rd, 2008, 8:55 am

Hi,
Ha, I trust you are well, and hope that that is the case, but yes I was actually referring to the laptop!! :)

Will take the long-running fan issue elsewhere, thanks for the feedback anyway....

Here's the output from the mslook script for your consideration... The "trash characters" at the end of the log are the start of quite a long string of the same... so I've only included a small portion, coz I suspect they are just nonsense in terms of what is required. Cheers, D

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\combofix]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Combobatch"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\kmd.exe /c C:\\ComboFix\\Combobatch.bat"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iKeyWorks]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ikeymain"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\A4Tech\\Keyboard\\Ikeymain.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OpwareSE2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OpwareSE2"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerBar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PowerBar"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­ú"ü‰üžiC:]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­ú"ü‰üžiC:\Program Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­ú"ü‰üžiC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tkliwfkt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\tkliwfkt.exe"
"inimapping"="0"

嘠汯浵⁥湩搠楲敶䌠栠獡渠慬敢⹬਍嘠汯浵⁥敓楲污丠浵敢⁲獩䔠㈸ⴸ䈳䑃਍਍䐠物捥潴祲漠⁦㩃停潲牧浡䘠汩獥䍜浯潭楆敬屳潌楧整档兜䑃噒䉜义਍਍㔲ㄯ⼲〲㔰†㌲ㄺ‱†㰠䥄㹒†††††മ㈊⼵㈱㈯〰‵㈠㨳ㄱ††䐼剉‾††††⸠മㄊ⼵㈱㈯〰‴ㄠ㨰㠵††
DO498
Regular Member
 
Posts: 36
Joined: August 28th, 2007, 5:29 pm
Location: Dorset

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby Katana » February 23rd, 2008, 7:43 pm

Create A Registry File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it Regfix.reg Please save it on your desktop.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­ú"ü‰üžiC:]


Make sure there are NO blank lines before Windows Registry Editor Version 5.00 and ONE blank line at the end/bottom
Double click on Regfix.reg and click Yes at the prompt


Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat Please save it on your desktop.

@echo off
if exist %systemdrive%\look*.txt del /q %systemdrive%\look*.txt
if exist %systemdrive%\results.txt del /q %systemdrive%\results.txt
regedit /e %systemdrive%\look1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
dir /a /s "C:\Program Files\Common Files\Logitech\QCDRV\BIN" >> %systemdrive%\look2.txt
type %systemdrive%\look*.txt >>%systemdrive%\results.txt
start notepad %systemdrive%\results.txt
del /q %systemdrive%\look*.txt
del /q look.bat
del /q regfix.reg
exit

Double click on look.bat

Notepad will open, please copy/paste the results here
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby DO498 » February 24th, 2008, 12:41 pm

Hi, Batch jobs run as requested... here's the log from look.bat.... Thanks D.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\combofix]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Combobatch"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\kmd.exe /c C:\\ComboFix\\Combobatch.bat"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iKeyWorks]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ikeymain"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\A4Tech\\Keyboard\\Ikeymain.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OpwareSE2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OpwareSE2"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerBar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PowerBar"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"

Volume in drive C has no label.
Volume Serial Number is E828-3BCD

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:58 577,536 Bitmap.dll
22/11/2004 20:41 8,384 Cam16.DLL
22/11/2004 20:41 49,152 Cam32.dll
15/12/2004 10:59 86,016 CamHelpr.dll
22/11/2004 20:41 57,344 CamIHlp.dll
15/12/2004 10:58 32,768 CamPrevw.dll
15/12/2004 10:58 106,496 CamServr.exe
15/12/2004 10:58 7,680 CamSvrPS.dll
15/12/2004 11:01 122,880 CamWizrd.exe
22/11/2004 20:40 686 CamWizrd.exe.manifest
22/11/2004 20:41 121,892 cd.avi
25/12/2005 23:11 <DIR> CHS
25/12/2005 23:11 <DIR> CHT
25/12/2005 23:11 <DIR> DAN
08/10/2004 12:45 122 DATA.TAG
08/10/2004 12:45 469 data1.cab
08/10/2004 12:45 2,703 data1.hdr
31/01/2005 10:30 90,112 DelDev.exe
25/12/2005 23:11 <DIR> DEU
08/10/2004 12:44 7,034 DevInst.ini
25/12/2005 23:11 <DIR> ENU
25/12/2005 23:11 <DIR> ESP
25/12/2005 23:11 <DIR> FRA
08/10/2004 12:44 25,214 icon.ico
15/12/2004 10:56 278,528 InstFiles.exe
22/11/2004 20:41 4,362 InstFiles.ini
15/12/2004 11:02 110,592 InstHelper.dll
08/10/2004 12:46 484,064 InstMed.exe
25/12/2005 23:11 <DIR> ITA
25/12/2005 23:11 <DIR> JPN
25/12/2005 23:11 <DIR> KOR
12/01/1999 11:34 23,541 lang.dat
22/11/2004 20:40 1,152 Launcher.def
15/12/2004 10:56 57,344 Launcher.exe
08/10/2004 12:45 2,776 layout.bin
15/12/2004 10:57 9,216 LCamWzrd.dll
08/10/2004 12:44 9,254 license.txt
25/12/2005 23:11 <DIR> List
15/12/2004 11:00 7,680 LTroblAg.dll
08/10/2004 12:44 1,060,864 MFC71.dll
08/10/2004 12:44 499,712 msvcp71.dll
08/10/2004 12:44 348,160 msvcr71.dll
25/12/2005 23:11 <DIR> NLD
25/12/2005 23:11 <DIR> NOR
27/07/1998 18:41 450 os.dat
25/12/2005 23:11 <DIR> PTB
12/01/1999 12:42 73,728 Setup.exe
08/10/2004 12:45 95 SETUP.INI
08/10/2004 12:45 159,421 setup.ins
08/10/2004 12:44 280 setup.iss
08/10/2004 12:45 193 setup.lid
25/12/2005 23:11 <DIR> setupdir
15/12/2004 10:57 155,648 Shutdown.exe
15/12/2004 11:02 45,056 Slaunch.exe
08/10/2004 12:44 40,960 StripInf.exe
25/12/2005 23:11 <DIR> SVE
15/12/2004 11:01 81,920 TroublAg.dll
15/12/2004 11:02 57,344 Update.exe
22/11/2004 20:40 153,424 USB.avi
08/10/2004 12:47 920,800 VidCtrl2.exe
18/01/2005 22:04 7,656 WIN2000.LST
18/01/2005 22:05 9,830 WIN9X.LST
18/01/2005 22:04 7,656 WINXP.LST
23/02/1999 11:45 296,674 _inst32i.ex_
08/10/2004 12:45 2,358,507 _sys1.cab
08/10/2004 12:45 13,121 _sys1.hdr
08/10/2004 12:45 11,653 _user1.cab
08/10/2004 12:45 17,423 _user1.hdr
52 File(s) 8,605,572 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\CHS

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 7,680 LCamWzrd.dll
08/10/2004 12:44 5,298 license.txt
15/12/2004 11:00 5,632 LTroblAg.dll
3 File(s) 18,610 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\CHT

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 7,680 LCamWzrd.dll
08/10/2004 12:44 5,633 license.txt
15/12/2004 11:00 5,632 LTroblAg.dll
3 File(s) 18,945 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\DAN

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 9,216 LCamWzrd.dll
08/10/2004 12:44 9,461 license.txt
15/12/2004 10:59 8,192 LTroblAg.dll
3 File(s) 26,869 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\DEU

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 9,728 LCamWzrd.dll
08/10/2004 12:44 9,727 license.txt
15/12/2004 10:59 8,704 LTroblAg.dll
3 File(s) 28,159 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\ENU

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 9,216 LCamWzrd.dll
08/10/2004 12:44 9,254 license.txt
15/12/2004 11:00 7,680 LTroblAg.dll
3 File(s) 26,150 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\ESP

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 9,728 LCamWzrd.dll
08/10/2004 12:44 10,577 license.txt
15/12/2004 11:00 8,704 LTroblAg.dll
3 File(s) 29,009 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\FRA

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 9,728 LCamWzrd.dll
08/10/2004 12:44 10,450 license.txt
15/12/2004 11:00 8,704 LTroblAg.dll
3 File(s) 28,882 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\ITA

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 10,240 LCamWzrd.dll
08/10/2004 12:44 10,604 license.txt
15/12/2004 11:00 8,704 LTroblAg.dll
3 File(s) 29,548 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\JPN

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 28,672 LCamWzrd.dll
08/10/2004 12:44 8,038 license.txt
15/12/2004 11:00 6,656 LTroblAg.dll
3 File(s) 43,366 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\KOR

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 8,192 LCamWzrd.dll
08/10/2004 12:44 7,376 license.txt
15/12/2004 11:00 6,144 LTroblAg.dll
3 File(s) 21,712 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\List

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
08/10/2004 12:45 6,712 DevInst.ini
21/01/2005 16:04 3,698 ELCHWin2000.LST
21/01/2005 16:06 5,642 ELCHWin9x.LST
21/01/2005 16:04 3,698 ELCHWinXP.LST
18/01/2005 22:02 2,150 IMWin2000.LST
18/01/2005 22:02 3,200 IMWin9x.LST
18/01/2005 22:02 2,150 IMWinXP.LST
20/01/2005 10:06 3,383 MSGRWin2000.LST
20/01/2005 10:20 5,155 MSGRWin9x.LST
20/01/2005 10:06 3,383 MSGRWinXP.LST
20/01/2005 10:01 3,934 PRO2Win2000.LST
20/01/2005 10:22 5,940 PRO2Win9x.LST
20/01/2005 10:01 3,934 PRO2WinXP.LST
20/01/2005 10:28 3,266 XPRSWin2000.LST
20/01/2005 10:33 4,886 XPRSWin9x.LST
20/01/2005 10:28 3,266 XPRSWinXP.LST
16 File(s) 64,397 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\NLD

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 9,216 LCamWzrd.dll
08/10/2004 12:44 10,599 license.txt
15/12/2004 11:00 8,704 LTroblAg.dll
3 File(s) 28,519 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\NOR

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 9,216 LCamWzrd.dll
08/10/2004 12:44 9,484 license.txt
15/12/2004 11:00 8,192 LTroblAg.dll
3 File(s) 26,892 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\PTB

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 9,728 LCamWzrd.dll
08/10/2004 12:44 9,755 license.txt
15/12/2004 11:00 8,704 LTroblAg.dll
3 File(s) 28,187 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
25/12/2005 23:11 <DIR> 0006
25/12/2005 23:11 <DIR> 0007
25/12/2005 23:11 <DIR> 0009
25/12/2005 23:11 <DIR> 000a
25/12/2005 23:11 <DIR> 000b
25/12/2005 23:11 <DIR> 0010
25/12/2005 23:11 <DIR> 0011
25/12/2005 23:11 <DIR> 0012
25/12/2005 23:11 <DIR> 0013
25/12/2005 23:11 <DIR> 0014
25/12/2005 23:11 <DIR> 001d
25/12/2005 23:11 <DIR> 0404
25/12/2005 23:11 <DIR> 040c
25/12/2005 23:11 <DIR> 0416
25/12/2005 23:11 <DIR> 0804
0 File(s) 0 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\0006

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
08/10/1998 19:41 34,816 _Setup.dll
1 File(s) 34,816 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\0007

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
08/10/1998 18:36 35,328 _Setup.dll
1 File(s) 35,328 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\0009

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
29/09/1998 18:34 34,816 _Setup.dll
1 File(s) 34,816 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\000a

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
19/10/1998 19:32 35,840 _Setup.dll
1 File(s) 35,840 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\000b

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
08/10/1998 18:40 34,816 _Setup.dll
1 File(s) 34,816 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\0010

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
08/10/1998 18:43 35,840 _Setup.dll
1 File(s) 35,840 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\0011

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
22/01/1999 14:52 34,816 _Setup.dll
1 File(s) 34,816 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\0012

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
22/01/1999 14:53 34,816 _Setup.dll
1 File(s) 34,816 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\0013

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
09/10/1998 15:40 34,816 _Setup.dll
1 File(s) 34,816 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\0014

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
08/10/1998 18:47 35,328 _Setup.dll
1 File(s) 35,328 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\001d

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
08/10/1998 18:53 34,816 _Setup.dll
1 File(s) 34,816 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\0404

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
08/10/1998 19:19 34,816 _Setup.dll
1 File(s) 34,816 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\040c

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
08/10/1998 19:23 34,816 _Setup.dll
1 File(s) 34,816 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\0416

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
08/10/1998 19:24 35,328 _Setup.dll
1 File(s) 35,328 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\setupdir\0804

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
08/10/1998 19:20 34,816 _Setup.dll
1 File(s) 34,816 bytes

Directory of C:\Program Files\Common Files\Logitech\QCDRV\BIN\SVE

25/12/2005 23:11 <DIR> .
25/12/2005 23:11 <DIR> ..
15/12/2004 10:57 8,704 LCamWzrd.dll
08/10/2004 12:44 9,386 license.txt
15/12/2004 11:00 7,680 LTroblAg.dll
3 File(s) 25,770 bytes

Total Files Listed:
125 File(s) 9,576,411 bytes
95 Dir(s) 18,152,960,000 bytes free

------------------ oOo -------------------
DO498
Regular Member
 
Posts: 36
Joined: August 28th, 2007, 5:29 pm
Location: Dorset

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby Katana » February 24th, 2008, 1:40 pm

That's got the registry clean :)

Now then, that camera driver....
Looking back at your install list, there are several LG products listed.

LG ODD Auto Firmware Update
Logitech Desktop Messenger
Logitech MouseWare 9.78
Logitech Print Service
Logitech QuickCam Software
Logitech Resource Center
Logitech® Camera Driver


If I start deleting files, it may damage the other programs.
If you just want the Logitech® Camera Driver removing from the list, then do the following.

Open CCleaner, click Tools and find the Logitech® Camera Driver, click it, and then click Delete Entry at the top right hand corner.

This will just stop it from appearing in the Uninstall list.
The only other way would be to use the disc to Re-Install the driver, and then try the Uninstall command.

Please can you post a fresh HJT log so I can give it a quick check.

How are things now, any problems that still need sorting ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby DO498 » February 24th, 2008, 4:02 pm

Hello again!

Done what you suggested re deleting the Logitech Camera driver entry from the installed list on the simple premise that if I can't see it is ain't there!! Re the rest of the Logitech stuff, I've got the mouse drivers on disk, so let's go ahead and dump all the Logitech stuff and if the owner wants to reinstall the mouse driver, I'll oblige. At least the rest of the stuff will be toasted! Got an unwanted Adobe Photo Downloader running on startup, so I guess I'll HJTcheck the appropriate 04 - HKLM entry? I've also found a few registry entries and empty file directories for programs that have been uninstalled (notably a couple of Symanetc directories in the Common files folder, now removed - so much for the efficiency of the Norton removal tool!) Is there a good/reliable registry cleaner out there? I've spent quite a lot of time just tabbing through it finding references to stuff that's been dumped! Apart from that and a rather odd situation (which is probably outside your remit) where the machine doesn't seem to recover properly from "sleep" mode on occasion, I reckon it's pretty tidy now! Here's the latest HJT log..... Cheers, D :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:31, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1122448515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1123076500
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

--
End of file - 5966 bytes
DO498
Regular Member
 
Posts: 36
Joined: August 28th, 2007, 5:29 pm
Location: Dorset

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby Katana » February 24th, 2008, 4:38 pm

Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis



Registry Cleaners

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html



I'm not sure about removing all the Logitech entries .....

If the uninstallers don't work, then the best option would be to reinstall - then - uninstall.

If you remove the Logitech folder, without removing the relevant registry enteries it could cause the system to crash.

if the owner wants to reinstall the mouse driver, I'll oblige


Errrmm ...... Who is the owner ?
Is this not your machine ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby DO498 » February 25th, 2008, 6:37 am

Good Morning,
Thanks for the advice re Registry Cleaners. What I was hoping to achieve was to mop up all the stuff left behind after uninstalling all the superfluous stuff that had been loaded onto the machine, but if best practice is to leave alone, that's what I'll do!
Logitech: Will try a re-install/uninstall as you recommend that as the best solution.
Ownership: The laptop belongs to my brother & his wife. They've been struggling with speed and bugs on it for ages, and don't have any idea how to resolve the problems, so I'm trying to help put them out of their misery! :(
Done the HJT delete. Did you see anything in the logs regarding e-bay? My bro said that he was having trouble accessing it with a message about "couldn't load url" or similar - and this was a consistant error over time, specific to that site?? Cheers, D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:19, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\CPLDBL10.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1122448515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1123076500
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

--
End of file - 5696 bytes
DO498
Regular Member
 
Posts: 36
Joined: August 28th, 2007, 5:29 pm
Location: Dorset

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby Katana » February 25th, 2008, 10:01 am

DO498 wrote:Did you see anything in the logs regarding e-bay? My bro said that he was having trouble accessing it with a message about "couldn't load url" or similar - and this was a consistant error over time, specific to that site?? Cheers, D


Nothing there regarding E-Bay, I would recommend either updating to IE 7 or installing Firefox and see if that helps.

Congratulations your logs look clean :D

Let's see if I can help you keep it that way

First lets tidy up :D

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Image
You can also delete any logs we have produced, and empty your Recycle bin.

The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.nanoscan.com
http://www.pandasoftware.com/activescan ... ncipal.htm
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • AVG Anti-Spyware 7.5 <<< A good "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 3.5.1
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep


Also PLEASE read this article.......So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Suspected viruses, sluggish & erratic behaviour!

Unread postby Elrond » February 27th, 2008, 11:27 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware