Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hijackthis log

Post by Katana » June 14th, 2007, 3:51 pm

Hi Jerry,

If you have no more problems then I will have this topic archived

Hope all stays well :D
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Post by geraldheyman » June 15th, 2007, 1:27 pm

As a matter of fact, I have had trouble with the start up on the computer. Several items would not appear in the system tray. I checked with msconfig and they are checked. I had to start them manually.

All of this started after removal of the trojan I mentioned in my last post.

Any ideas?

Jerry Heyman :?:
geraldheyman
Regular Member
 
Posts: 21
Joined: June 4th, 2007, 1:07 am
Location: Phoenix, AZ

Post by Katana » June 16th, 2007, 5:52 pm

Hi Jerry,

Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is unchecked.

regedit /a /e %systemdrive%\regkey.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"
notepad %systemdrive%\regkey.txt
del /q %systemdrive%\regkey.txt

Save it to your Desktop as mslook.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: mslook.bat

Locate mslook.bat on your Desktop and double-click it. When notepad opens, copy/paste the content in your reply. When you close Notepad the CMD window will close automatically and the text file will be deleted.

Please post the contents of the notepad file along with a fresh copy of HJT.
Also please could you list the programs that you had problems with.

Post by geraldheyman » June 16th, 2007, 9:39 pm

Here are the results from the batch job.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"MSK80Service"=dword:00000002
"OutpostFirewall"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MUPS.lnk]
"path"=""
"backup"="C:\\WINDOWS\\pss\\MUPS.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BELKIN~1\\MUPS.exe "
"item"="MUPS"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Infotriever.lnk]
"backup"="C:\\WINDOWS\\pss\\Infotriever.lnkStartup"
"location"="Startup"
"item"="Infotriever"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
"path"=""
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"=""
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Spy Protector.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Spy Protector.lnk"
"backup"="C:\\WINDOWS\\pss\\Spy Protector.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\Security Task Manager\\SpyProtector.exe "
"item"="Spy Protector"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^VirtualExpander.lnk]
"backup"="C:\\WINDOWS\\pss\\VirtualExpander.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\system32\\VIRTUA~1\\VIRTUA~1.EXE "
"item"="VirtualExpander"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\0296481154211413mcinstcleanup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cleanup"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\TEMP\\029648~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\1A:Stardock TrayMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Atomic Clock 7.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AtomClk"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Drag'n'Drop_Autolaunch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Autolaunch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Iomega HotBurn Pro\\Autolaunch.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DW4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON Stylus CX4800 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_FATIADA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADA.EXE /P26 \"EPSON Stylus CX4800 Series\" /O6 \"USB001\" /M \"Stylus CX4800\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MBkLogOnHook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogOnHook"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\McAfee\\MBK\\LogOnHook.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mnyexpr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MskAgentexe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\McAfee\\MSK\\MskAgent.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Multi-function Keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GWHotKey"
"hkey"="HKLM"
"command"="GWHotKey.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PRONoMgr.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PRONoMgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Second Copy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SecCopy"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\SecCopy\\SecCopy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpySweeper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpySweeperUI"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uniblue Registry Booster2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryBooster"
"hkey"="HKCU"
"command"="C:\\Program Files\\Uniblue\\RegistryBooster2\\RegistryBooster.exe /S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000002

Here is the result of the HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 6:27:17 PM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AudigySpeaker] E:\Winxp\Audio\Audigy2\Update\Project1.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Security Suite] C:\Program Files\Agnitum\Outpost Security Suite\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX4800 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 2)" /M "Stylus CX4800" /EF "HKCU"
O4 - Startup: avgw.exe.lnk = C:\Program Files\Grisoft\AVG7\avgw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O10 - Unknown file in Winsock LSP: c:\program files\agnitum\outpost security suite\lspfilt.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6954694625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9015419421
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Outpost Security Suite Service (OutpostSecuritySuite) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Security Suite\outpost.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe

The programs I am most having problems with are AVG 7.5 and Second Copy from Centered Systems. As a minor point I cannot get the power plug from the energy monitoring system (from Screensaver Power button) to stay on. All of these have to be manually restarted from boot to boot. My son who knows more about Windows suggested that these software create processes that instead of starting at boot time are set to start manually.

This is way beyond my knowledge.

Jerry Heyman :?

Post by Katana » June 17th, 2007, 8:19 am

Hi Jerry,

The programs I am most having problems with are AVG 7.5 and Second Copy from Centered Systems. As a minor point I cannot get the power plug from the energy monitoring system (from Screensaver Power button) to stay on. All of these have to be manually restarted from boot to boot.

AVG 7.5 is not in the startup list at all
If you want it to start with windows
  • Double click AVG Anti Spyware
  • Right click the Tray Icon
  • Select Start With Windows
  • You can now close AVG


Second Copy is in your startup list AND in MSConfig, this could be causing conflict


If you are having problems with startup items I would suggest you disable MSConfig, by selecting Normal Start
Install WinPatrol; it is a very good program that gives easy access to your startup settings.
It has a Free version which would suit your needs.

Can you give me a little more detail about the energy monitoring system problem?
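The overlap noted in the post above, where an item sits in the live startup list and also in MSConfig's disabled list, can be found by cross-referencing the two logs. This is an added example, not part of the original thread; the function names are hypothetical, and the inputs are shortened excerpts of the registry export and HijackThis log posted earlier.

```python
import re

# Shortened excerpts of the two logs posted in this thread.
MSCONFIG_EXPORT = r'''
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Second Copy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SecCopy"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\SecCopy\\SecCopy.exe\""
"inimapping"="0"
'''

HJT_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - Startup: avgw.exe.lnk = C:\Program Files\Grisoft\AVG7\avgw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
'''

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig" + "\\"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
O4_RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$')
O4_DIR_RE = re.compile(r'^O4 - (Global Startup|Startup): (.+?)\.lnk = (.*)$')


def unescape(value):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_msconfig(text):
    """Map (source, lower-cased name) -> command for items disabled via MSConfig."""
    disabled, kind, subkey, values = {}, None, None, {}

    def flush():
        if kind == "startupreg":
            disabled[(values.get("hkey", "?") + " Run", subkey.lower())] = values.get("command", "")
        elif kind == "startupfolder":
            # "Common Startup" is the All Users folder, which HijackThis labels "Global Startup".
            source = "Global Startup" if values.get("location") == "Common Startup" else "Startup"
            disabled[(source, values.get("item", "").lower())] = values.get("command", "")

    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            flush()
            kind, subkey, values = None, None, {}
            path = line[1:-1]
            if path.startswith(BASE):
                k, _, sub = path[len(BASE):].partition("\\")
                if k in ("startupreg", "startupfolder") and sub:
                    kind, subkey = k, sub
        elif kind and (m := VALUE_RE.match(line)):
            values[unescape(m.group(1))] = unescape(m.group(2))
    flush()
    return disabled


def parse_hjt_o4(text):
    """Map (source, lower-cased name) -> command for live O4 autostart entries."""
    active = {}
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RUN_RE.match(line):
            active[(m.group(1) + " Run", m.group(2).lower())] = m.group(3)
        elif m := O4_DIR_RE.match(line):
            active[(m.group(1), m.group(2).lower())] = m.group(3)
    return active


def disabled_but_active(msconfig_text, hjt_text):
    """Entries recorded as disabled in MSConfig that are also present in the live startup list."""
    active = parse_hjt_o4(hjt_text)
    return sorted(key for key in parse_msconfig(msconfig_text) if key in active)


if __name__ == "__main__":
    for source, name in disabled_but_active(MSCONFIG_EXPORT, HJT_LOG):
        print(f"{source}: {name} is in both MSConfig's disabled list and the live startup list")
```

Run against the full logs rather than the excerpts, the same comparison lists every entry that appears in both places.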

Post by geraldheyman » June 17th, 2007, 1:07 pm

I tried what you said about AVG 7.5 and there is no "Start with Windows" after right clicking. There is only:

Launch Control Center
Quit Control Center

Launch Virus Vault
Launch Test Center

Check for Updates

Looks like I will have to uninstall and reinstall.

I will try WinPatrol and let you know how it works in answer to your next post.

Jerry Heyman

Post by Katana » June 18th, 2007, 12:02 pm

katana wrote: Can you give me a little more detail about the energy monitoring system problem

Post by geraldheyman » June 19th, 2007, 10:36 am

Here is the detail. I go to start>control panel>performance and maintenance>power options>advanced tab and click the "always show icon on task bar" entry under options. The icon is there the first time until I restart.

By the way WinPatrol icon was in task bar after install but not there after I restarted Windows. I had to manually start by going to start>all programs, etc., just like second copy. When I did that the icon appeared in the task bar, just like second copy.

Jerry Heyman

Post by Katana » June 20th, 2007, 12:24 pm

Hi Jerry,

Is this a Laptop or a Desktop PC ?

Please reboot your PC before doing the following

Open HiJackThis, click "Open the Misc Tools Section", and click "Open process manager". Click the Floppy Disk Icon next to "Show DLLs" and save the file in a place where you can find it. Post it in your next post.

Post by geraldheyman » June 20th, 2007, 11:27 pm

Here is the log you wanted. For some reason WinPatrol started up this time.

Process list saved on 8:14:40 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
808 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
884 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
936 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
948 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
1100 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1328 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1828 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
1848 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
196 C:\Program Files\Picasa2\PicasaMediaDetector.exe 2.6.36.21 Google Inc.
204 C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe 1.8.0.0 Iomega Corporation
224 C:\Program Files\QuickTime\qttask.exe 7.1.6.200 Apple Inc.
232 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe 7.5.0.460 GRISOFT, s.r.o.
344 C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe 11.3.2007.0 BillP Studios
352 C:\WINDOWS\GWHotKey.exe 6.5.0.0 BillP Studios
384 C:\Program Files\Messenger\MSMSGS.EXE 4.7.0.3001 Microsoft Corporation
488 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
496 C:\Program Files\SecCopy\SecCopy.exe 7.0.0.171 Centered Systems
552 C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe 7.5.0.453 GRISOFT, s.r.o.
640 C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe 7.5.0.420 GRISOFT, s.r.o.
688 C:\WINDOWS\system32\CTsvcCDA.EXE 1.0.1.0 Creative Technology Ltd
708 C:\WINDOWS\system32\E_S00RP1.EXE 2.0.3.0 SEIKO EPSON CORPORATION
740 C:\PROGRA~1\Iomega\System32\AppServices.exe 2.0.4.2 Iomega Corporation
852 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 7.0.9466.0 Microsoft Corporation
1012 C:\Program Files\Agnitum\Outpost Security Suite\outpost.exe 4.0.616.7628 Agnitum Ltd.
1152 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS 5.0.0.0 New Boundary Technologies, Inc.
1300 C:\WINDOWS\system32\SAgent4.exe 1.7.0.0 SEIKO EPSON CORPORATION
1436 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1476 C:\Program Files\Belkin Bulldog Plus\upsd.exe 1.0.0.1 Delta
152 C:\PROGRAM FILES\CREATIVE\MEDIASOURCE\DETECTOR\CTDETECT.EXE 3.0.2.0 Creative Technology Ltd
1996 C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE 6.9.3.0 Siber Systems
2288 C:\WINDOWS\system32\wuauclt.exe 5.8.0.2469 Microsoft Corporation
4076 C:\Program Files\Hijackthis\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.
All of this is a mystery to me.

Yes this is a desktop machine with a floppy drive.

Post by Katana » June 22nd, 2007, 12:25 pm

Hi Jerry,

All your programs are running as they are meant to.
Your PC will automatically hide icons that you do not need/use on a regular basis.
This is perfectly normal.

As you have no malware problems this topic will now be archived.

Post by geraldheyman » June 22nd, 2007, 3:03 pm

On the contrary, the icon for second copy is not hidden. When you click on the show hidden icons selection on the task bar, the icon doesn't appear. But if you go to start>all programs>second copy 7>second copy 7, the icon appears even though second copy 7 is already running according to WinPatrol.

Perhaps second copy 7 will perform as advertised even though the icon does not appear?

Jerry Heyman

Post by NonSuch » June 26th, 2007, 12:25 am

As this issue appears to be resolved, this topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California