Cyber Patrol Help? I've a big mess.

MeadowLark
Posts: 16
Joined: Fri Aug 15, 2008 6:32 am

Postby MeadowLark » Fri Aug 15, 2008 10:37 am

Hello Everyone,
I was telling my woes over on TechGuys and Hewee suggested I come over here and ask for help. :oops: I've really blundered this time!
I tried to delete Cyber Patrol4 by right clicking and deleting... ugh...
I've now learned that was "more than wrong!"
I was getting this little popup saying that my Windows XP was not genuine! YIKES!!! Only now, I can't even get on the internet with that computer. Then, I went to my kids computer in the dining room and the kids downloaded a JumpStart cd or maybe it was the Learning Discovery... anyway.. now that nasty Cyber Patrol4 is on that computer too! It is not on the internet as I have no way to get a cord across the house to do so. ((O
I've read the sites for downloading stuff to get rid of Cyber Patrol4; I'm a real ditz...I don't even understand the instructions... ugh. I need help with "literal" step by step, click on this instructions. I'm guessing that I need to download stuff on this computer (Windows Vista to a cd anything to transfer to try to put on them to get rid of it? or something about ms-dos in the way inside of the makings of the computers to get rid of the mess created.)
ummm... Also if you don't mind; suggestions on how to use my children's cd's without getting into this mess again. Most of these cd's are Windows 95 or XP as that was when we had some cash flow to buy those kind of things. I cannot replace with new stuff. sigh...
I hope it is ok.. I'm gonna just cut and paste my other post from TechGuys here. :
I have a Windows XP computer that I had installed a freebie Cyber patrol about 4 years ago. I do not have the passwords or anything to it anymore.
I would like to get it off of that computer. From what I can tell.... sigh. I must have tried to delete it before. Now, I've tried to do a system restore to get rid of it. It has three user accounts on it. Owner, Kids and a name
The owner and kids accounts are my troubles. I made kids a limited account and then tried to delete the account and delete all files. It won't let me do that. It also won't let me do that from the owner account though I was able to change the owner account to a limited account.

The account that does not seem to have anything to do with Cyber Patrol4 was created less than a year ago! It is the only account that I can freely get on the internet with from that computer.
I need some step by step instructions on how to clear out Cyber Patrol4 from that computer.
Help? Please?
MeadowLark...... just a simpleton of a computer using mom. Not very good at any of the technical stuff.
Remember my last screwup after reading the above as I stupidly tried to right click and delete. Now, even that one access to the internet is blocked. May I please use those six shooters to kill Cyber Patrol !*!*

Thank you for any help you can lend my way.
MeadowLark

TeMerc
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ

Postby TeMerc » Fri Aug 15, 2008 10:49 am

Hello MeadowLark and w^*

Sorry to hear about your frustrations regarding the uninstall.

I did some Googling and found this link @ CyberPatrol. It gives detailed instructions for removal and a couple of different tweaks if the uninstall does not work as it is first described.
Uninstalling Version 4.x
We find that in many cases the person who installed this version of CyberPatrol did not set a password. If you know this to be the case, leave the Password field blank and click OK.


The first set of instructions you seem to have tried but below are the second option:
    1. Set the date on the computer to 03/20/02.
    2. Enter the password 335923 into the Headquarters password screen.
    3. Click the yellow badge symbol in the lower right of the password screen. The centre of the badge will change.
    4. Click Validate Password.
    5. Click OK at the next window which should be a warning stating "Warning: all password and registration information will be lost."
    6. The next window should be the Uninstall Selection window. Click Automatic.
    7. Restart your computer to make sure that the removal is complete
If the removal of CyberPatrol is unsuccessful this could be because you have accidentally deleted files that are required by CyberPatrol.

What to do if you have tried to uninstall CyberPatrol by deleting files that are required by the product.

If this process has not resulted in the removal of CyberPatrol from your computer you will need to contact our Technical Support Team.

Let me know how that works out

Postby TeMerc » Fri Aug 15, 2008 11:01 am

PS: I also just saw this page on Cexx boards regarding uninstalling but it's an old page and it's a lot more technical.

http://www.cexx.org/censware.htm

Postby MeadowLark » Fri Aug 15, 2008 11:56 am

I went to the dining room computer (second computer) and tried to find the Cyber Patrol on the computer. oops! :oops: It is only an icon on the desktop from when the kids downloaded Kindergarten Reader Rabbit. The Learning Company. I cannot get rid of it without installing it and then removing it?????? Anyway,it has not been installed.
ok.. My question with my 4 yr old... Is it possible to allow him to play this program without problems from Cyber Patrol? This computer is not on the internet at this time.... (I'd like to put it on eventually for my older kids.)

ummm the first computer....the kids had tried to uninstall before I got to the mess. They also did a system restore. None of which has helped :(
I did reset the date.
I tried to open the Cyber Patrol; some parts of the Cyber Patrol is missing. The screen has a very tiny blip/ light flash and then nothing. I cannot get the "Headquarters" to open in order to put in the password numbers.
I did try to "contact support."
I got an email reply that scares the "livin daylights outta me!"
I gotta do the 3rd option (Full manual uninstall instructions.)
I'm so nervous...... hmmm... I'm gonna go test my bloodsugar numbers and my bloodpressure. Then, I'll grab your cute six shooter and point it at Cyber Patrol!
MeadowLark

Postby TeMerc » Fri Aug 15, 2008 1:40 pm

MeadowLark wrote:I went to the dining room computer (second computer) and tried to find the Cyber Patrol on the computer. oops! :oops: It is only an icon on the desktop from when the kids downloaded Kindergarten Reader Rabbit. The Learning Company. I cannot get rid of it without installing it and then removing it??????

If it's just an icon, you should be able to delete it without removing the Reader Rabbit stuff at all. We have it here for my son, several different years worth and have never experienced anything that wouldn't just delete. If it needs more than that we can try something a bit more 'forceful'.

MeadowLark wrote:ok.. My question with my 4 yr old... Is it possible to allow him to play this program without problems from Cyber Patrol? This computer is not on the internet at this time.... (I'd like to put it on eventually for my older kids.)

If CP4 is not actually installed, there ought not be any problems running the program at all.

MeadowLark wrote:ummm the first computer....the kids had tried to uninstall before I got to the mess. They also did a system restore. None of which has helped :(
I did reset the date.
I tried to open the Cyber Patrol; some parts of the Cyber Patrol is missing. The screen has a very tiny blip/ light flash and then nothing. I cannot get the "Headquarters" to open in order to put in the password numbers.
I did try to "contact support."
I got an email reply that scares the "livin daylights outta me!"

I'm very curious to see what's in that email that would scare you. It does not sound like very good customer service, do you mind sharing? You can send it to me if you're comfortable. You can send it to the site email account located on any of the other site pages by clicking the 'Email Us' link, your email client will pop up with the address already inserted.

MeadowLark wrote:I gotta do the 3rd option (Full manual uninstall instructions.)
I'm so nervous...... hmmm... I'm gonna go test my bloodsugar numbers and my bloodpressure. Then, I'll grab your cute six shooter and point it at Cyber Patrol!
MeadowLark

Well that's a bummer.

Be sure you create a system restore point before beginning any removal, just in case. And also, if you have any data, pix, video documents, be sure to back them up as well, preferably to either another drive, thumb drive or upload files to an online service, there are several free ones available.

Please be sure to keep us informed on how that all goes so others who stumble upon the same problem can learn from your experience.

And let us know if we can be of any further assistance at all in any way.

Postby MeadowLark » Fri Aug 15, 2008 5:00 pm

LOL! it's just me. I get very nervous any time that I need to go into
ms dos. I'm so scared I'll mess something up even worse.
I was doing really well at cleaning out Cyber Patrol... until hubby called and sidetracked me. sigh.... slight problem? Maybe... help?
I was deleting everything perfectly then.... the last step where it said
"Delete c:\patrol\cp.exe and ic.exe from load
To do so: Double click on load in the right hand side of the screen
This will now open the Edit String window and in the value data: field you should see
c:\patrol\cp.exe and ic.exe. Hit the backspace to remove all of this information."
I messed up and right clicked and hit delete! UGH!!! >)(
The question is... Did I kill something bad? It is definitely gone!Yikes!
That whole little dialog box!
On the other hand:P I can get on the internet with that computer now and everything is working....sorta.

Totally different issue.
I want to see the "Favorite's Folder and the History Folder" on the internet webpage browser. The darn thing says that "Access is Denied!" GRRR.... What has my oldest son done? (he's not home now and I cannot ask him. sigh...) Would you know how to get to that?
MeadowLark .... Oh and I just tested my bloodsugar and got my best number of the day! 100! 1rokon So Cool!!!!! I sure would love to see more numbers like that!

Postby TeMerc » Fri Aug 15, 2008 8:47 pm

MeadowLark wrote:LOL! it's just me. I get very nervous any time that I need to go into
ms dos. I'm so scared I'll mess something up even worse.
I was doing really well at cleaning out Cyber Patrol... until hubby called and sidetracked me. sigh.... slight problem? Maybe... help?
I was deleting everything perfectly then.... the last step where it said
"Delete c:\patrol\cp.exe and ic.exe from load
To do so: Double click on load in the right hand side of the screen
This will now open the Edit String window and in the value data: field you should see
c:\patrol\cp.exe and ic.exe. Hit the backspace to remove all of this information."
I messed up and right clicked and hit delete! UGH!!! >)(
The question is... Did I kill something bad? It is definitely gone!Yikes!
That whole little dialog box!
On the other hand:P I can get on the internet with that computer now and everything is working....sorta.

All you were doing was removing CP4 stuff, so who cares if ya broke it? :P

The important thing is you can now access the Net with no troubles. Nice work!! t*u

MeadowLark wrote:Totally different issue.
I want to see the "Favorite's Folder and the History Folder" on the internet webpage browser. The darn thing says that "Access is Denied!" GRRR.... What has my oldest son done? (he's not home now and I cannot ask him. sigh...) Would you know how to get to that?

Do you mean you want it to display on the toolbar of IE at the top? I'm not quite sure I understand. Or do you just want to be able to see what sites are being viewed?

MeadowLark wrote:MeadowLark .... Oh and I just tested my bloodsugar and got my best number of the day! 100! 1rokon So Cool!!!!! I sure would love to see more numbers like that!

Glad to hear, and now your blood pressure oughtta go down a bunch too.

Let me know about the favorites thing.

Also, I'm going to move this to the 'General Software\Internet' forum. You won't lose it tho.

Postby MeadowLark » Sat Aug 16, 2008 7:07 am

Hey Thanks for all the help:)
By the way; How do I get rid of that Cyber patrol Icon on the dining room computer? (Do I need to go thru the cmd thing into ms dos to get rid of it?)

On the Favorites issue; I want to have an hour glass or something to click on history so that I can see what sites my wandering boys might be going to. So far, I've caught them going to cheat sites for their games. sigh... I know, not bad stuff. Just I want them to use their fine minds to figure out how to win the battles on their own. (more brain power that way! along with critical thinking skills.) I also want to know if they are getting too curious about things they should talk to Dad or Mom about.
(I've got a few kids and their ages range from 3 to 15.)
I'd love to have an easy way to make sure they are safe without blocking the whole internet for them to explore. It's the same as teaching the kids not to get involved with the wrong kind of characters or other activities.

The things I want now are to :
1.) be able to access the favorites that are currently being denied.
2.) be able to put a "history icon on the ie toolbar."
3.) a safe way to allow full access to the internet for the kids without
"Cyber Patrol." (If the kids are surfing to learn something for biology or some other class... I don't want them blocked as has been the case.)
MeadowLark

MysteryFCM
Site Admin
Posts: 3721
Joined: Sun May 15, 2005 12:42 pm
Location: Newcastle, UK

Postby MysteryFCM » Sat Aug 16, 2008 7:43 am

MeadowLark wrote:Hey Thanks for all the help:)
By the way; How do I get rid of that Cyber patrol Icon on the dining room computer? (Do I need to go thru the cmd thing into ms dos to get rid of it?)

On the Favorites issue; I want to have an hour glass or something to click on history so that I can see what sites my wandering boys might be going to. So far, I've caught them going to cheat sites for their games. sigh... I know, not bad stuff. Just I want them to use their fine minds to figure out how to win the battles on their own. (more brain power that way! along with critical thinking skills.) I also want to know if they are getting too curious about things they should talk to Dad or Mom about.
(I've got a few kids and their ages range from 3 to 15.)
I'd love to have an easy way to make sure they are safe without blocking the whole internet for them to explore. It's the same as teaching the kids not to get involved with the wrong kind of characters or other activities.


Index.dat Suite, Index.dat QV and QH (Quick History), amongst others, will all allow you to see where they've been going ;)

Index.dat QV
http://support.it-mate.co.uk/?mode=Prod ... ndex.datqv

Index.dat Suite + QH (QH.zip is a separate download)
http://support.it-mate.co.uk/?mode=Prod ... x.datsuite

MeadowLark wrote:The things I want now are to :
1.) be able to access the favorites that are currently being denied.


Apologies if you've already mentioned it but, is it the files themselves, or the websites, that you cannot access?

MeadowLark wrote:2.) be able to put a "history icon on the ie toolbar."


Right click the IE toolbar and select Customize

MeadowLark wrote:3.) a safe way to allow full access to the internet for the kids without
"Cyber Patrol." (If the kids are surfing to learn something for biology or some other class... I don't want them blocked as has been the case.)
MeadowLark


Allowing full access safely is not something that's ever going to be possible whilst there's malicious sites and such on the internet - it's simply impossible.

What you can do however, is protect yourself against these threats, without resorting to using parental controls, but bear in mind, you'll still need security;

http://mysteryfcm.co.uk/?mode=Articles&date=12-08-2008
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!

Postby TeMerc » Sat Aug 16, 2008 9:21 am

MeadowLark wrote:By the way; How do I get rid of that Cyber patrol Icon on the dining room computer? (Do I need to go thru the cmd thing into ms dos to get rid of it?)

Right-click it, select delete, it ought to go that easy.

Thanks Steven.

Postby MeadowLark » Sun Aug 17, 2008 3:25 pm

MysteryFCM wrote:Apologies if you've already mentioned it but, is it the files themselves, or the websites, that you cannot access?


It's both files and websites that it won't let me see.
Ultimately, I want to delete that account completely... LOL!It has given me too much trouble. I tried to delete it after getting rid of Cyber Patrol.

Now, I've another problem.
I discovered that I could not just delete that account because of
MSHTA.EXE I managed to delete copies all over the place; but the last one will not delete! ((O It keeps reappearing!magically???


The dining room computer... I can't delete the icon of Cyber Patrol, even though it has never been installed. Should I go try the Full Uninstall there too? It was never installed! Do I need to install in order to delete?

Thank you for the websites:) I will download and use them!
Is Avast ok? or is it better to use the AV antivirus that you've mentioned? sigh...for now I need totally free.
MeadowLark

Postby TeMerc » Sun Aug 17, 2008 4:43 pm

MeadowLark wrote: Now, I've another problem.
I discovered that I could not just delete that account because of
MSHTA.EXE I managed to delete copies all over the place; but the last one will not delete! ((O It keeps reappearing!magically???

Are you saying you deleted that file? All you could find??

MeadowLark wrote:The dining room computer... I can't delete the icon of Cyber Patrol, even though it has never been installed. Should I go try the Full Uninstall there too? It was never installed! Do I need to install in order to delete?

What happens when you try to delete it?

MeadowLark wrote:Is Avast ok? or is it better to use the AV antivirus that you've mentioned? sigh...for now I need totally free.
MeadowLark

Both avast and avira are free on Steven's page

Postby MeadowLark » Sun Aug 17, 2008 5:25 pm

Yup. I deleted all I could find. I did "Search all Files and Folders" It's the only place and I can watch it pop right back in as I click it to the recycle bin; then go look and there it is again. sigh... The very last ones just keep putting themselves right back in the "PreFetch" and "Software Distribution" Folders. Since they keep doing that; I cannot delete the account.
I'm beginning to wish that I could just reformat back to the factory setting instead of just system restore and start out fresh:( LOL! Then, just come back in here and set this computer up the way you all tell me, so that it could be totally easy to take care! ugh......


As for the dining room computer; Cyber Patrol just keeps putting the icon right back on the desktop. I cannot put it in the Recycle Bin to dump it. It wants me to install the darn thing!

Here is a copy of HJT; Will it help?

Logfile of HijackThis v1.99.1
Scan saved at 4:40:34 PM, on 3/22/2002
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1150598579411
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1150598726551
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


MeadowLark... May I adopt a big brother? t*u I could use a computer champion:)

Postby TeMerc » Sun Aug 17, 2008 7:11 pm

MeadowLark wrote:Yup. I deleted all I could find. I did "Search all Files and Folders" It's the only place and I can watch it pop right back in as I click it to the recycle bin; then go look and there it is again. sigh... The very last ones just keep putting themselves right back in the "PreFetch" and "Software Distribution" Folders. Since they keep doing that; I cannot delete the account.

You won't be able to prevent them from coming back, it's part and parcel of Windows.

Try deleting the account in safe mode, from the main administrator account.

You can fix the following lines in HJT, tho they are pure nit-picks and have no real impact on anything.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/


Reboot, rescan with HJT, they ought to be gone, if not, like I said, no worries.

Let's also get a start up list from you to see what's installed on this machine.

Open HJT
  • Click the Image button.
  • Then click the Image button in the lower right hand of the program.
  • Select the Image button.
  • In the upper left hand side of the program tick the two boxes Image
  • Select Image when prompted by the dialog box.
The resultant scan will produce a notepad log file, please paste that log file back into your thread.
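
One way to triage a HijackThis log like the one posted above, as an added example that is not part of the original thread and is not HijackThis's own code: it groups entries by section code, lists entries whose target is reported absent, and cross-checks each "(file missing)" path against the running-process list. The function names and the shortened sample are assumptions made for the example.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted earlier in this thread: the lines are
# copied from that log, the selection is shortened for the example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Entry lines look like "O23 - Service: ..." (section code, " - ", body).
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path in an entry that ends in a loadable file type.
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll|ocx)', re.IGNORECASE)


def parse(log_text):
    """Split a log into the running-process set and (code, body) entries."""
    running, entries, in_procs = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY.match(line)
        if match:
            in_procs = False  # the process list ends where entries begin
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def triage(log_text):
    """Group entries and flag the ones a reviewer should look at first."""
    running, entries = parse(log_text)
    report = {
        "sections": Counter(code for code, _ in entries),
        "orphans": [],       # registry entry points at no file at all
        "missing": [],       # tool reports the target file as missing
        "contradicted": [],  # "missing" file that is nevertheless running
    }
    for code, body in entries:
        if body.endswith("(no file)"):
            report["orphans"].append((code, body))
        elif body.endswith("(file missing)"):
            report["missing"].append((code, body))
            path = PATH.search(body)
            # A process cannot be running from a file that is not on disk,
            # so this flag says more about how the path was read than
            # about the machine.
            if path and path.group(0).lower() in running:
                report["contradicted"].append(path.group(0))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("entries per section:", dict(result["sections"]))
    for code, body in result["orphans"] + result["missing"]:
        print("review:", code, "-", body)
    for path in result["contradicted"]:
        print("flagged missing but running:", path)
```

On this excerpt the avast! Mail Scanner service is marked "(file missing)" although its executable appears in the running-process list, so that flag is contradicted by the log itself.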

Postby MeadowLark » Sun Aug 17, 2008 7:33 pm

Ummmm... Ditz here... How do I go into the Safe Mode? When my puter comes on it goes to the thing where I click on my name and then password to get in.
???? See... ? I'm a confused kid....

ok here is the list I got from HJT

StartupList report, 3/22/2002, 10:25:04 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16705)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\jackie\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nwiz = nwiz.exe /install
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
PS2 = C:\WINDOWS\system32\ps2.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\AvastSS.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupda ... 0598579411

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftup ... 0598726551

[Java Plug-in 1.4.1_02]
InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
CODEBASE = http://java.sun.com/products/plugin/1.4 ... s-i586.cab

[Java Plug-in 1.4.1_02]
InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
CODEBASE = http://java.sun.com/products/plugin/1.4 ... s-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
aswFsBlk: system32\DRIVERS\aswFsBlk.sys (autostart)
avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
atksgt: system32\DRIVERS\atksgt.sys (autostart)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
drvmcdb: system32\drivers\drvmcdb.sys (system)
drvnddm: system32\drivers\drvnddm.sys (autostart)
Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
%imapi_ServiceDesc%: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
lirsgt: system32\DRIVERS\lirsgt.sys (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
LT Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
papycpu: \SystemRoot\system32\drivers\papycpu.sys (system)
papyjoy: \SystemRoot\system32\drivers\papyjoy.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCAMPR5 NDIS Protocol Driver: \??\C:\WINDOWS\system32\PCAMPR5.SYS (manual start)
PCANDIS5 NDIS Protocol Driver: \??\C:\WINDOWS\system32\PCANDIS5.SYS (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
PS2: System32\DRIVERS\PS2.sys (manual start)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS315: System32\DRIVERS\sisgrp.sys (manual start)
SiS AGP Filter: System32\DRIVERS\SISAGP.sys (system)
Sygate Personal Firewall: C:\Program Files\Sygate\SPF\smc.exe (autostart)
SOLOMON FastUSB(R) Service for SOLOMON Scwi211b USB Wireless Lan: system32\DRIVERS\scwi211bx.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
sscdbhk5: system32\drivers\sscdbhk5.sys (system)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
ssrtln: system32\drivers\ssrtln.sys (system)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{13C56707-A75E-427F-A3E7-375956BFF577} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Teefer for NT: SYSTEM32\Drivers\Teefer.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
tfsnboio: system32\dla\tfsnboio.sys (autostart)
tfsncofs: system32\dla\tfsncofs.sys (autostart)
tfsndrct: system32\dla\tfsndrct.sys (autostart)
tfsndres: system32\dla\tfsndres.sys (autostart)
tfsnifs: system32\dla\tfsnifs.sys (autostart)
tfsnopio: system32\dla\tfsnopio.sys (autostart)
tfsnpool: system32\dla\tfsnpool.sys (autostart)
tfsnudf: system32\dla\tfsnudf.sys (autostart)
tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\Windows Live\Messenger\usnsvc.exe" (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
SyGate for NT, wg3n: \SystemRoot\SYSTEM32\Drivers\wg3n.sys (autostart)
SyGate for NT, wg4n: \SystemRoot\SYSTEM32\Drivers\wg4n.sys (autostart)
SyGate for NT, wg5n: \SystemRoot\SYSTEM32\Drivers\wg5n.sys (autostart)
SyGate for NT, wg6n: \SystemRoot\SYSTEM32\Drivers\wg6n.sys (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Live Setup Service: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
wpsdrvnt: \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking): system32\DRIVERS\zd1211Bu.sys (manual start)
ZDPSp50 NDIS Protocol Driver: System32\Drivers\ZDPSp50.sys (manual start)
Intel(R) Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (system)
Intel(R) Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 35,100 bytes
Report generated in 0.781 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
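
Added example (not part of the original post and not HijackThis code): a small Python parser for the StartupList layout pasted above. It extracts the Run-key values and Browser Helper Objects and flags two things a reader of such a log would check by hand: autorun commands given without a full path, and BHO registrations whose file is missing. The function names and the trimmed sample report are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample: same layout as the report above, trimmed to a few entries.
SAMPLE_REPORT = r"""
StartupList report, 3/22/2002, 10:25:04 PM
StartupList version: 1.52.2
==================================================

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nwiz = nwiz.exe /install
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}

--------------------------------------------------

End of report
"""

RULE = re.compile(r"^[-=]{20,}$")          # section separator lines
PLACEHOLDER = re.compile(r"^\*.*\*$")      # e.g. *No values found*
BHO = re.compile(r"^(?P<name>.+?) - (?P<file>.+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})$")
EXECUTABLE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)', re.I)
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%[^%\\]+%\\)")


def split_sections(report):
    """Split a report into sections (lists of non-empty lines) at the rule lines."""
    sections, current = [], []
    for raw in report.splitlines():
        line = raw.strip()
        if RULE.match(line):
            if current:
                sections.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        sections.append(current)
    return sections


def parse_autoruns(sections):
    """Map each registry key to its {value name: command} entries."""
    autoruns = OrderedDict()
    for section in sections:
        if section[0] != "Autorun entries from Registry:" or len(section) < 2:
            continue
        values = OrderedDict()
        for line in section[2:]:
            if PLACEHOLDER.match(line):
                continue
            name, sep, command = line.partition(" = ")
            if sep:
                values[name] = command
        autoruns[section[1]] = values
    return autoruns


def parse_bhos(sections):
    """Return (clsid, file) pairs from the Browser Helper Objects section."""
    bhos = []
    for section in sections:
        if section[0] != "Enumerating Browser Helper Objects:":
            continue
        for line in section[1:]:
            match = BHO.match(line)
            if match:
                bhos.append((match.group("clsid"), match.group("file")))
    return bhos


def executable_of(command):
    """Strip arguments and quotes from a command line, leaving the program path."""
    match = EXECUTABLE.match(command)
    if match:
        return match.group(1) or match.group(2)
    return command.split()[0] if command.split() else ""


def triage(report):
    """List entries that deserve a manual look; a finding is not a verdict."""
    sections = split_sections(report)
    findings = []
    for key, values in parse_autoruns(sections).items():
        for name, command in values.items():
            # Without a full path, Windows resolves the name through its search order.
            if not ABSOLUTE.match(executable_of(command)):
                findings.append(("relative-path autorun", key, f"{name} = {command}"))
    for clsid, path in parse_bhos(sections):
        if path == "(no file)":
            findings.append(("BHO without file", clsid, path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(*finding, sep=" | ")
```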

TeMerc
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ

Postby TeMerc » Sun Aug 17, 2008 8:05 pm

D'OH! d!

Double D'OH! d! d!

I asked of you the wrong list. ((O ((O :oops: :oops:

My bad.

Let's give this another go, the right way this time.

Apologies.

Open HJT
  • Open HJT, click the Image button.
  • Click on the Image button
  • Click on the Image button
  • Click on the Image button
  • Then click on the Image button and specify where you would like to save this file.
  • When you press Image button a notepad file will open with the contents of that file.
  • Copy and paste the contents of that notepad back into your thread.

Postby MeadowLark » Sun Aug 17, 2008 8:19 pm

LOL!!!
Tell me how to go into SAFEMODE so I can delete that user account! pretty please?

Here is the list.

Ad-Aware SE Personal
Adobe Acrobat 5.0
Age of Mythology
Age of Mythology - The Titans Expansion
AOL You've Got Pictures Screensaver
ArcSoft Software Suite
Atomic Pop
avast! Antivirus
Betty Bad
Blackhawk Striker
Blasterball 2
Blasterball Wild
Blue's Reading Time Activities
Care Bears Lets Have a Ball (remove only)
Chex® Quest
Cyberchase Castleblanca Quest
Dark Orbit
Delta Force 2 Demo
Detto IntelliMover Demo
Dirt Track Racing
Disney's Lilo and Stitch Pinball
DLA
Dogfight - Battle for the Pacific
Dora Lost City
Garfield's Typing Pal
GemMaster 2
Gizmos and Gadgets!
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB952287)
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.1 - Photosmart Cameras
hp toolkit
Inactive HP Printer Drivers (Remove only)
Intel(R) 845G Chipset Graphics Driver Software
InterVideo WinDVD
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
JumpStart Advanced Kindergarten
JumpStart Animal Field Trip
JumpStart Arts and Crafts
JumpStart Explorers
JumpStart Kindergarten v2.4b
JumpStart Pre-K v2.0
JumpStart Spelling v1.0
KBD
Kid's Card Games
Kublox
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
Macromedia Flash Player 8
Macromedia Shockwave Player
Mad About Cats
Malwarebytes' RogueRemover
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Mini Car Racing
Monopoly Junior
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
MUSICMATCH Jukebox
Network Play System (Patching)
NVIDIA Windows 2000/XP Display Drivers
PABC.exe custom database
PC-Doctor for Windows
PigPen
Pirates
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken Financial Center
QuickTime
Reader Rabbit Learning Creations
Reader Rabbit's Kindergarten
Reader Rabbit's Toddler
RealPlayer Basic
RecordNow
RecordNow Update Manager
Rocky Mountain Trophy Hunter
Rocky Mountain Trophy Hunter Alaskan Expedition
RollerCoaster Tycoon
S3Display
S3Gamma2
S3Info2
S3Overlay
SabreWing 2
Scooby-Doo
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Seven Kingdoms
Slot Car Racing
Snowboard Extreme
Space Rocks
Speedway
SpongeBob SquarePants Employee of the Month
Spybot - Search & Destroy
Street Legal Racing Redline
Student Management System
Study Helpers Math Booster
Study Helpers Spelling Bee
Sygate Personal Firewall
The Battle for Middle-earth (tm)
The Sims
Time to Play Pet Shop
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Viewpoint Media Player
Virtual Warfare
WildTangent Channel Manager
Windows Imaging Component
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WordPerfect Productivity Pack
WordPerfect Productivity Pack


Postby TeMerc » Sun Aug 17, 2008 10:46 pm

OK, nothing in that list to indicate CP4 is installed, so give that icon removal a try in safe mode.

See your PMs for those instructions.

Let's try to keep as much communication here in the forum with regards to instructions and procedures. Ya know, except for that dessert date we have. ;) >>< !!xx

Postby MeadowLark » Mon Aug 18, 2008 5:35 am

LOL! You are messing up!!!
The Cyber Patrol icon is on the dining room computer! It is not on the internet at all. Not this one!

Ok I did go into safe Mode... this gets down right weird!
In SafeMode; This computer - It did not even show the account I wanted to delete. It did show
1)Computer Owner not passworded.. ( I deleted it)
2) Computer Administrator not passworded. ( I left it alone as it said it was always there)
3) It showed the one that I'm using right now. ( I left it alone.)

Next. I restarted and now have two that I can log in to .
1. This one
2. The one I want to delete!

Next. I went into the account I want to delete and went to Explorer.
I thought to double check there for Cyber Patrol. I didn't find anything.
EXCEPT : I clicked on PreFetch Folder....IT would not let me in! :ACCESS DENIED
Next. I tried to scan with Avast. It said ACCESS DENIED. ERROR in Scanning.
Also, it says that this is not a genuine copy of Windows XP! GRRR!!! I've bought this computer when hubby was deployed the very first time! I know it is valid! It's been valid for years til now.
(ok rant over.ugh)

Ok.. This is one of those nasty Windows that did not come with any cd's. I'm totally grouchy about this.
Is there any way to just restore back to factory totally and get rid of everything on this computer? :( I'm totally frustrated. grgr '>*
I'm open to whatever you suggest to get this thing cleaned up... unless it means buying something... cuz we're totally broke :(
Kids have appts today... I'll be back a few hours from now.
MeadowLark


Postby TeMerc » Mon Aug 18, 2008 7:53 am

MeadowLark wrote:
> LOL! You are messing up!!!
> The Cyber Patrol icon is on the dining room computer! It is not on the internet at all. Not this one!

OK, let's try and give these PCs names. CyberPatrol one: What happens when you try to delete the CP icon?

> Ok I did go into safe Mode... this gets down right weird!
> In SafeMode; This computer - It did not even show the account I wanted to delete. It did show
> 1)Computer Owner not passworded.. ( I deleted it)
> 2) Computer Administrator not passworded. ( I left it alone as it said it was always there)
> 3) It showed the one that I'm using right now. ( I left it alone.)
>
> Next. I restarted and now have two that I can log in to .
> 1. This one
> 2. The one I want to delete!
>
> Next. I went into the account I want to delete and went to Explorer.
> I thought to double check there for Cyber Patrol. I didn't find anything.
> EXCEPT : I clicked on PreFetch Folder....IT would not let me in! :ACCESS DENIED
> Next. I tried to scan with Avast. It said ACCESS DENIED. ERROR in Scanning.

XP does not show all accounts in normal mode, there is always an administrator one by default.

Prefetch folder is of no concern, so let's not bother with that anymore. Let's also not bother scanning with any tool as these will not help us with CP icon removal.

> Also, it says that this is not a genuine copy of Windows XP! GRRR!!! I've bought this computer when hubby was deployed the very first time! I know it is valid! It's been valid for years til now.

Where does it say the copy is not genuine?

> Ok.. This is one of those nasty Windows that did not come with any cd's. I'm totally grouchy about this.
> Is there any way to just restore back to factory totally and get rid of everything on this computer? :( I'm totally frustrated. grgr '>*
> I'm open to whatever you suggest to get this thing cleaned up... unless it means buying something... cuz we're totally broke :(
> MeadowLark

Sadly, no unless you have the original receipt or some sort of documentation to prove you bought it from a legit store of some sort. Do you recall where you got it?

Postby MeadowLark » Tue Aug 19, 2008 6:12 am

Ok updates for the sake of the thread.
I'm totally frustrated. I did figure out that this computer was probably bought on base at the military store or WalMart. Then, I found the cd's for Recovery to manufacture. Some interesting things happened.
First, the cd acted like nothing was happening at all when I shut the computer down and restarted it. So, I took a chance; I opened up My computer to see if the cd drive acknowledged that I had put the cd in.:)
Then, I got curious.... (probably not wise) I thought maybe it needed to have me click on an EXE to get it started. hmmm I saw a few, didn't know which to click on and I think got wiser.. I x'd out of it!
I decided to log off of that user and go look at the "Steven Account".
LOL! It totally disappeared!
Fast forward today. I'm looking at this and wondering if I should just leave the computer alone? Avast seems to be working just fine. It has detected a couple of viruses/trojans or some such. I dumped them into the "chest." Not sure what else I should do with that. <?>
I'm thinking since Cyber Patrol is gone and the "Steven Account" that I wanted to delete is gone... maybe we should call this solved? Why mess something up that is now working?
MeadowLark


Postby TeMerc » Tue Aug 19, 2008 8:08 am

MeadowLark wrote:
> Ok updates for the sake of the thread.
> I'm totally frustrated. I did figure out that this computer was probably bought on base at the military store or WalMart. Then, I found the cd's for Recovery to manufacture. Some interesting things happened.
> First, the cd acted like nothing was happening at all when I shut the computer down and restarted it. So, I took a chance; I opened up My computer to see if the cd drive acknowledged that I had put the cd in.:)
> Then, I got curious.... (probably not wise) I thought maybe it needed to have me click on an EXE to get it started. hmmm I saw a few, didn't know which to click on and I think got wiser.. I x'd out of it!
> I decided to log off of that user and go look at the "Steven Account".
> LOL! It totally disappeared!

Well there we go, that's another problem solved.

> Fast forward today. I'm looking at this and wondering if I should just leave the computer alone? Avast seems to be working just fine. It has detected a couple of viruses/trojans or some such. I dumped them into the "chest." Not sure what else I should do with that. <?>

This could be nothing, can you tell me where on the system it says these infections are, like what folder or file it points to?

> I'm thinking since Cyber Patrol is gone and the "Steven Account" that I wanted to delete is gone... maybe we should call this solved? Why mess something up that is now working?
> MeadowLark

Good idea. At least you got the problems solved that you had been having trouble with.

Postby MeadowLark » Tue Aug 19, 2008 9:22 am

I've never gone into the Avast file to look for something. Just whenever it finds a virus or malware etc... it recommends that we put it in the "chest" I just click ok. :oops: :) See? I'm your typical "ditz" :P
Though I am getting brave... I'll go see what I can find by clicking around.
MeadowLark


Postby MeadowLark » Tue Aug 19, 2008 9:32 am

ok LOL! I "Opened the treasure chest of viruses!"
Here is a copy of what is in there safely tucked away from the computer.
ACK!! I wanted to right click and copy it; but it won't let me. sorry. I'm not sure how to show it to you.
MeadowLark


Postby TeMerc » Tue Aug 19, 2008 9:50 am

MeadowLark wrote:
> ok LOL! I "Opened the treasure chest of viruses!"
> Here is a copy of what is in there safely tucked away from the computer.
> ACK!! I wanted to right click and copy it; but it won't let me. sorry. I'm not sure how to show it to you.
> MeadowLark

OK, I'm not sure what version you're using, mine is 4.8, but if you go to:
My computer>>C drive>>Program Files>>Alwil software>>Avast4>>DATA>>Log, look for a warning.log file with the latest date, I think there will be what was found in there, at least it was on mine, as I had a few false positives pop up while trying to view some forums.

Let us know what you find.

Postby MeadowLark » Tue Aug 19, 2008 1:01 pm

ok just remember that I had to reset the date to get rid of Cyber Patrol:p so here is the whole thing:)

2/24/2008 4:28:48 PM 1203888528 SYSTEM 1216 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
2/24/2008 4:28:50 PM 1203888530 SYSTEM 1216 An error has occured while attempting to update. Please check the logs.
3/17/2008 5:22:51 PM 1205788971 jackie 3772 Function setifaceUpdatePackages() has failed. Return code is 0x00000426, dwRes is 00000020.
4/12/2008 5:01:03 PM 1208034063 steven 1784 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
4/16/2008 10:02:58 AM 1208354578 steven 2120 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
4/23/2008 8:25:22 PM 1208996722 SYSTEM 1220 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\steven\Local Settings\Temporary Internet Files\Content.IE5\LENFH99Z\xpa_eng[1].exe" file.
4/23/2008 8:25:31 PM 1208996731 SYSTEM 1220 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Program Files\XP Antivirus\xpa.exe" file.
4/23/2008 8:25:35 PM 1208996735 SYSTEM 1220 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Program Files\XP Antivirus\xpa.exe" file.
4/24/2008 8:35:35 PM 1209083735 steven 1808 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
5/1/2008 6:24:50 PM 1209680690 steven 1640 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
5/4/2008 10:25:48 AM 1209911148 steven 1888 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
5/5/2008 2:30:43 PM 1210012243 steven 1944 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
5/28/2008 2:35:43 PM 1211999743 SYSTEM 1212 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
5/28/2008 2:35:45 PM 1211999745 SYSTEM 1212 An error has occured while attempting to update. Please check the logs.
5/28/2008 7:55:44 PM 1212018944 SYSTEM 1248 Sign of "HTML:CVE-2007-0024 [Expl]" has been found in "http://www.wackystone.com/counter/Ms07004.htm" file.
6/2/2008 5:37:56 PM 1212442676 SYSTEM 1212 Sign of "SWF:CVE-2007-0071 [Expl]" has been found in "http://222.122.157.120/W.swf" file.
6/12/2008 1:55:38 PM 1213293338 SYSTEM 1212 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/12/2008 2:04:35 PM 1213293875 SYSTEM 1212 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/12/2008 2:04:35 PM 1213293875 SYSTEM 1212 An error has occured while attempting to update. Please check the logs.
6/12/2008 7:08:00 PM 1213312080 SYSTEM 1212 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/12/2008 7:17:34 PM 1213312654 SYSTEM 1212 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/12/2008 7:17:36 PM 1213312656 SYSTEM 1212 An error has occured while attempting to update. Please check the logs.
6/13/2008 8:12:45 PM 1213402365 SYSTEM 1220 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/13/2008 8:22:58 PM 1213402978 SYSTEM 1220 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/13/2008 8:23:21 PM 1213403001 SYSTEM 1220 An error has occured while attempting to update. Please check the logs.
6/14/2008 5:39:46 PM 1213479586 SYSTEM 1224 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/14/2008 5:48:40 PM 1213480120 SYSTEM 1224 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/14/2008 5:48:40 PM 1213480120 SYSTEM 1224 An error has occured while attempting to update. Please check the logs.
6/15/2008 5:52:47 PM 1213566767 SYSTEM 1228 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/15/2008 6:01:43 PM 1213567303 SYSTEM 1228 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/15/2008 6:01:44 PM 1213567304 SYSTEM 1228 An error has occured while attempting to update. Please check the logs.
6/18/2008 4:33:40 PM 1213821220 SYSTEM 1216 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/18/2008 4:42:35 PM 1213821755 SYSTEM 1216 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
6/18/2008 4:42:36 PM 1213821756 SYSTEM 1216 An error has occured while attempting to update. Please check the logs.
6/22/2008 10:34:07 PM 1214188448 SYSTEM 1220 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
8/9/2008 3:25:12 PM 1218309912 SYSTEM 1228 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
8/9/2008 3:25:13 PM 1218309913 SYSTEM 1228 An error has occured while attempting to update. Please check the logs.
8/9/2008 6:03:33 PM 1218319413 SYSTEM 1252 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
8/9/2008 6:03:41 PM 1218319421 SYSTEM 1252 An error has occured while attempting to update. Please check the logs.
8/13/2008 10:31:48 PM 1218681108 steven 3336 Function SuperCopyFile() has failed. Return code is 00000005.
8/14/2008 3:21:06 AM 1218698466 SYSTEM 1220 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
8/14/2008 3:21:07 AM 1218698467 SYSTEM 1220 An error has occured while attempting to update. Please check the logs.
8/14/2008 7:45:19 AM 1218714319 SYSTEM 1220 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
8/14/2008 7:45:20 AM 1218714320 SYSTEM 1220 An error has occured while attempting to update. Please check the logs.
8/14/2008 8:10:58 PM 1218759058 steven 1232 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\steven\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms (C:\Documents and Settings\steven\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms) returning error, 00000005.
3/20/2002 4:29:07 PM 1016656147 SYSTEM 1220 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/20/2002 5:03:12 PM 1016658192 SYSTEM 1216 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/20/2002 5:54:01 PM 1016661241 SYSTEM 1240 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/20/2002 5:59:47 PM 1016661587 SYSTEM 1220 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/20/2002 6:02:44 PM 1016661764 SYSTEM 1220 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\steven\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms (C:\Documents and Settings\steven\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms) returning error, 00000005.
3/20/2002 7:23:21 PM 1016666601 SYSTEM 1224 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/21/2002 7:21:53 AM 1016709713 SYSTEM 1224 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/21/2002 11:23:46 AM 1016724226 SYSTEM 1224 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/21/2002 3:24:31 PM 1016738671 SYSTEM 1224 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/21/2002 8:05:23 PM 1016755523 SYSTEM 1224 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/22/2002 9:54:46 AM 1016805286 SYSTEM 1224 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/22/2002 1:56:17 PM 1016819777 SYSTEM 1224 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/22/2002 2:27:57 PM 1016821677 SYSTEM 1232 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/22/2002 6:35:44 PM 1016836544 SYSTEM 1232 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/22/2002 10:21:38 PM 1016850098 SYSTEM 1228 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/23/2002 2:23:06 AM 1016864586 SYSTEM 1228 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/23/2002 6:23:49 AM 1016879029 SYSTEM 1228 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/23/2002 8:09:36 AM 1016885376 SYSTEM 1208 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/23/2002 12:12:18 PM 1016899938 SYSTEM 1208 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/23/2002 4:13:16 PM 1016914396 SYSTEM 1208 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/23/2002 4:49:58 PM 1016916598 SYSTEM 1208 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\steven\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms (C:\Documents and Settings\steven\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms) returning error, 00000005.
3/23/2002 7:35:30 PM 1016926530 SYSTEM 1212 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/23/2002 7:39:36 PM 1016926776 SYSTEM 1216 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/23/2002 11:40:32 PM 1016941232 SYSTEM 1216 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/24/2002 3:41:18 AM 1016955678 SYSTEM 1216 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
3/24/2002 7:42:04 AM 1016970124 SYSTEM 1216 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
Wow! That is a lot of stuff!
MeadowLark


Postby TeMerc » Tue Aug 19, 2008 2:15 pm

These are of concern, regardless of the date:
4/23/2008 8:25:22 PM 1208996722 SYSTEM 1220 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\steven\Local Settings\Temporary Internet Files\Content.IE5\LENFH99Z\xpa_eng[1].exe" file.
4/23/2008 8:25:31 PM 1208996731 SYSTEM 1220 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Program Files\XP Antivirus\xpa.exe" file.
4/23/2008 8:25:35 PM 1208996735 SYSTEM 1220 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Program Files\XP Antivirus\xpa.exe" file.
Did you ever have an infection that showed fake alerts on the desktop and said to fix it you had to download software?

Please let me know so I can address this.
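
The triage done by eye in the post above (pulling the "Sign of ..." lines out of the updater noise, and not relying on the dates because the clock had been reset), as an added Python example that is not part of the thread and is not avast! code. The line layout is inferred from the log pasted earlier; the function names are hypothetical, and the sample lines are excerpted from that log except for one constructed URL.

```python
import re
from collections import Counter

# Layout inferred from the log pasted in this thread (an assumption, not a spec):
#   <M/D/YYYY> <h:mm:ss AM|PM> <unix epoch> <user> <pid> <message>
LINE_RE = re.compile(
    r'^(\d{1,2}/\d{1,2}/\d{4}) (\d{1,2}:\d{2}:\d{2} [AP]M) (\d+) (\S+) (\d+) (.*)$')
DETECTION_RE = re.compile(r'^Sign of "([^"]+)" has been found in "(.+)" file\.$')

# Sample input: lines excerpted from that log; the URL in the sixth line is constructed.
SAMPLE_LOG = r"""
2/24/2008 4:28:48 PM 1203888528 SYSTEM 1216 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
2/24/2008 4:28:50 PM 1203888530 SYSTEM 1216 An error has occured while attempting to update. Please check the logs.
4/23/2008 8:25:22 PM 1208996722 SYSTEM 1220 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\steven\Local Settings\Temporary Internet Files\Content.IE5\LENFH99Z\xpa_eng[1].exe" file.
4/23/2008 8:25:31 PM 1208996731 SYSTEM 1220 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Program Files\XP Antivirus\xpa.exe" file.
4/23/2008 8:25:35 PM 1208996735 SYSTEM 1220 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Program Files\XP Antivirus\xpa.exe" file.
5/28/2008 7:55:44 PM 1212018944 SYSTEM 1248 Sign of "HTML:CVE-2007-0024 [Expl]" has been found in "http://example.invalid/counter.htm" file.
8/14/2008 8:10:58 PM 1218759058 steven 1232 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\steven\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms (C:\Documents and Settings\steven\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms) returning error, 00000005.
3/20/2002 4:29:07 PM 1016656147 SYSTEM 1220 Function setifaceUpdatePackages() has failed. Return code is 0x2000001D, dwRes is 2000001D.
"""


def classify(msg):
    """Bucket a message so detections stand out from updater and scanner noise."""
    if DETECTION_RE.match(msg):
        return "detection"
    if "setifaceUpdatePackages()" in msg or "attempting to update" in msg:
        return "update_failure"
    if msg.startswith("AAVM - scanning warning"):
        return "scan_warning"
    return "other"


def location_kind(target):
    """Heuristic label for where the flagged object was seen."""
    t = target.lower()
    if t.startswith(("http://", "https://")):
        return "web content"    # flagged while browsing
    if "\\temporary internet files\\" in t:
        return "browser cache"  # a downloaded copy
    return "file on disk"       # e.g. under Program Files: check whether it is installed


def triage(text):
    """Return message counts, de-duplicated detections, clock rollbacks, unparsed lines."""
    entries = [l.strip() for l in text.splitlines() if l.strip()]
    counts, detections, rollbacks, unparsed = Counter(), {}, [], []
    prev_epoch = None
    for n, line in enumerate(entries, 1):
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(n)
            continue
        date, clock, epoch, user, pid, msg = m.groups()
        epoch = int(epoch)
        # Assumes entries are appended in the order they happened: an epoch lower
        # than the previous one means the clock was set back, so the printed
        # dates cannot be used to order events across that point.
        if prev_epoch is not None and epoch < prev_epoch:
            rollbacks.append((n, date))
        prev_epoch = epoch
        kind = classify(msg)
        counts[kind] += 1
        if kind == "detection":
            sig, target = DETECTION_RE.match(msg).groups()
            rec = detections.setdefault((sig, target), {
                "hits": 0, "first_logged": f"{date} {clock}", "user": user,
                "where": location_kind(target)})
            rec["hits"] += 1
    return {"counts": counts, "detections": detections,
            "rollbacks": rollbacks, "unparsed": unparsed}


def report(result):
    """Render the triage result as a short text summary."""
    out = []
    for (sig, target), rec in result["detections"].items():
        out.append(f'{rec["first_logged"]}  {sig}  x{rec["hits"]}  [{rec["where"]}]  {target}')
    for n, date in result["rollbacks"]:
        out.append(f"clock set back before entry {n} (now showing {date})")
    noise = {k: v for k, v in result["counts"].items() if k != "detection"}
    out.append(f"other messages: {noise}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```
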

Postby MeadowLark » Tue Aug 19, 2008 2:30 pm

sigh.... I wouldn't know. That was when my son was online. (He isn't home and I can't ask him for a long time.) I'm guessing he may have done exactly as it said to do. We may as well go hunting and see what we hope to not find..... ?>! Where shall we start hunting?
MeadowLark


Postby TeMerc » Tue Aug 19, 2008 2:43 pm

MeadowLark wrote:
> sigh.... I wouldn't know. That was when my son was online. (He isn't home and I can't ask him for a long time.) I'm guessing he may have done exactly as it said to do. We may as well go hunting and see what we hope to not find..... ?>! Where shall we start hunting?
> MeadowLark

We need to run HijackThis! to see what's on that system.


Please download HijackThis! SetUp from here. Save the file to your desktop.
  • Double-click the Image icon to begin the installation.
  • Follow the prompts for the default install location of: 'C:\Program Files\HijackThis'.
  • Tick the Image button when the option appears.
  • Then hit the Image button.
  • At the 'Ready To Install' section hit the Image button and HJT will open
  • Then press the Image button. Once you've pressed the Image button, it will turn into a Image button.
  • Click the Image button and a 'Save log....' dialog box will appear. Save the log to your desktop. Then open up with the file and contents of the scan. Place the mouse cursor into the text field and right-click and select Image

Then paste that log into the HijackThis forum and I'll look at it.