Multiple trojans and virus again!

If you look at the list of applications that I posted, under Antispyware is the link to obtain the latest version of Spybot.
Just download the new version, uninstall the old (via Add/Remove Programs) and then install the updated copy :)
 
Well, I guess I'm all clean now and it's time to go...this part is always sad as I realize I'm saying goodbye to a helpful guardian... :)

Thank you for all of your time and assistance!!! ...

Regards,
Citywoman
 
Sorry, I actually have another related question. Spybot shows several startup entries, some of which I had unchecked. How do I permanently delete those entries? One in particular I'm concerned about is highlighted below in Red.

Thanks,
Citywomanpg

---------------------

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: e28d00ec675f5f5a5a0555e7a4523a6e

Located: HK_LM:Run, AEIWLSTA.EXE
command: AEIWLSTA.EXE START
file: C:\WINDOWS\system32\AEIWLSTA.EXE
size: 214016
MD5: 42872b98b8d2fe1ad032730bd0ac3c93

Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: c0041bb27e2e5b0550c179ecf53425cd

Located: HK_LM:Run, ATIModeChange
command: Ati2mdxx.exe
file: C:\WINDOWS\system32\Ati2mdxx.exe
size: 28672
MD5: fae95d6d7651b5629c4e19adbc9a3863

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 335872
MD5: eed0dc3be7635eafb5abc62b51983ae0

Located: HK_LM:Run, BMMGAG
command: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
file: C:\WINDOWS\system32\RunDll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, BMMLREF
command: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
file: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
size: 20480
MD5: 99ea2e4a0d244a223829137f1550a2b6

Located: HK_LM:Run, BMMMONWND
command: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, COMODO Firewall Pro
command: "C:\Program Files\Comodo\Firewall\CPF.exe" /background
file: C:\Program Files\Comodo\Firewall\CPF.exe
size: 1115728
MD5: 1f5882037bad07e9926f47a3a32f0931

Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 102455
MD5: 946bab1251f68c29d60162ad45121862

Located: HK_LM:Run, EZEJMNAP
command: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
file: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
size: 212992
MD5: ae9c9e685e746c423af90749bf9d442c

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961a4e2597453ee7a9347f22

Located: HK_LM:Run, PrinTray
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
size: 36864
MD5: 8fa5e9e4da096b932295f2029af06bba

Located: HK_LM:Run, QCWLICON
command: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
file: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
size: 86016
MD5: 45c139f26d20537916711ba71d34c4a5

Located: HK_LM:Run, Share-to-Web Namespace Daemon
command: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
file: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 57344
MD5: d4f5faa2fd2dc5923c82ee5808beed7c

Located: HK_LM:Run, StorageGuard
command: "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
file: C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe
size: 155648
MD5: e971b862b8db690b56baa0c23ac70e86

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
size: 144784
MD5: 9cc69118fdcbf17119f814fc0a65ca06

Located: HK_LM:Run, TP4EX
command: tp4ex.exe
file: C:\WINDOWS\system32\tp4ex.exe
size: 40960
MD5: d8aec88dee12c38404b186d5de2f58ec

Located: HK_LM:Run, TPHOTKEY
command: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
file: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
size: 94208
MD5: 2e7c1ae3834d8d53fe76e261baca1dab

Located: HK_LM:Run, TPKMAPHELPER
command: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

Located: HK_LM:Run, TrackPointSrv
command: tp4serv.exe
file: C:\WINDOWS\system32\tp4serv.exe
size: 94208
MD5: d01994516d0bcfd16e2539a2da5cc4f8

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
file: C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
size: 90112
MD5: 4b954730657f43b88a308c41fe570331

Located: HK_LM:Run, Host Process (DISABLED)
command: C:\WINDOWS\Fonts\svchost.exe


Located: HK_LM:Run, Lexmark X83 Button Manager (DISABLED)
command: C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
file: C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
size: 53248
MD5: 3a9162141f9a32044fa9bb24fcbf5ad0

Located: HK_LM:Run, Lexmark X83 Button Monitor (DISABLED)
command: C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
file: C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
size: 40960
MD5: 393eff1f04a49ad901ec0ccd878ac7c0

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

Located: HK_LM:Run, Tgcmd (DISABLED)
command: "C:\Program Files\Support.com\bin\tgcmd.exe /server"

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, H/PC Connection Agent
command: "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
file: C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 401493
MD5: dbf976c1966385758fecbc59065f2cca

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1038336
MD5: 58f7e6434d285f4c98ad3621e0bd8c8d

Located: HK_CU:Run, tgcmd (DISABLED)
command: C:\Program Files\Support.com\bin\tgcmd.exe

Located: Startup (common), BlueSoleil.lnk (DISABLED)
command: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
file: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
size: 1183744
MD5: c2560eb72a613ad762bd518019b9a013

Located: Startup (common), Exif Launcher.lnk
command: C:\Program Files\FinePixViewer\QuickDCF.exe
file: C:\Program Files\FinePixViewer\QuickDCF.exe
size: 200704
MD5: 91e35f8e5c123ca3f1e5bad39fb57697

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (common), QuickBooks Update Agent.lnk
command: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
file: C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
size: 972064
MD5: 1a2ec9fb378af13623d3a03cb8ae56e1

Located: Startup (user), Adobe Gamma.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a
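
The following is an added example, not part of the original thread and not Spybot's own code. It parses startup entries in the format of the listing above and flags two things worth a closer look: entries with no file/size/MD5 lines (assumed here to mean the target was not found on disk) and Windows system process names launched from outside system32. The function names and the list of system process names are assumptions.

```python
import ntpath  # Windows path rules regardless of the OS this runs on
import re

# Three entries copied from the listing above, to keep the sample short.
SAMPLE = r"""
Located: HK_LM:Run, StorageGuard
command: "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
file: C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe
size: 155648
MD5: e971b862b8db690b56baa0c23ac70e86

Located: HK_LM:Run, Host Process (DISABLED)
command: C:\WINDOWS\Fonts\svchost.exe

Located: HK_CU:Run, tgcmd (DISABLED)
command: C:\Program Files\Support.com\bin\tgcmd.exe
"""

# Assumption: names of Windows XP system processes that belong in system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"

def parse(listing):
    """Split the listing on blank lines; each block becomes a dict of its fields."""
    entries = []
    for block in re.split(r"\n\s*\n", listing.strip()):
        fields = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        location, _, name = fields.pop("Located", "").partition(", ")
        entries.append({"location": location, "name": name, **fields})
    return entries

def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    reasons = []
    if "file" not in entry:  # assumption: no file/size/MD5 means target not found
        reasons.append("target-not-found")
    exe = re.match(r'"?(.+?\.exe)', entry.get("command", ""), re.I)
    path = entry.get("file") or (exe.group(1) if exe else "")
    folder, base = ntpath.split(path.lower())
    if base in SYSTEM_NAMES and folder and folder != SYSTEM_DIR:
        reasons.append("system-name-outside-system32")
    return reasons

def flagged(listing):
    """Map entry name -> reasons, for entries with at least one reason."""
    return {e["name"]: triage(e) for e in parse(listing) if triage(e)}

if __name__ == "__main__":
    print(flagged(SAMPLE))
```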
 
That file is gone, but we can remove them if you want.

What program did you use to disable them ?
 
If you highlight the entry in System Startup function in Spybot Tools you should be able to remove using the big red X.
 
I was a bit scared of doing that, fearing that the delete function would remove all checked entries, i.e. the entries that I need/ want to retain in startup. Spybot's help files do not go into how that functionality works!

So, sorry to be repetitive, but I simply highlight each of the entries I want to remove (irrespective of whether or not it's checked in the checkbox) and click delete?
 
Exactly right :)
I've just tried it on my machine and it only removes the entry that you click on
 
I've deleted the unwanted and suspicious startup entries through Spybot, as you directed.

One parting question, if you're able to guide me...do you know of a website that can guide/ teach me on how to set up a .bat file or script that can automatically run weekly scans on my computer, using some of the products you'd recommended?

This is the only way I know of to ensure ongoing good health for my computer. Otherwise, I'm afraid I do get busy and forget...
 
Paid programs normally give the option of running a scheduled scan.
If a simple batch file could be used, no one would ever pay for the products.

The best option is to get in the habit of running a scan when you finish using the machine, ie. start a scan running just before you go to bed.
 