help trojan horse generic 2
AVG found this. How do I clean my comp from it? Here's the report, if I did it right:
- <history>
- <!-- 01c7114a3aeef760
-->
- <rec time="2006/11/06 20:45:26" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:844-818;iavi:530-488;</attr>
</rec>
- <rec time="2006/11/06 20:46:02" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/06 21:40:20" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avgcc:429-428;avgui:430-428;core:429-422;corent:429-422;email:429-422;ems:429-423;kernel:430-428;lng:430-428;lngus:430-428;</attr>
</rec>
- <rec time="2006/11/06 21:40:48" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">setup:429-428;</attr>
</rec>
- <rec time="2006/11/06 21:41:33" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/07 08:00:08" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/07 08:12:57" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/07 09:04:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:847-844;iavi:533-530;</attr>
</rec>
- <rec time="2006/11/08 08:00:04" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/08 08:12:34" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/09 08:00:04" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/09 09:04:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:848-847;iavi:535-533;</attr>
</rec>
- <rec time="2006/11/10 08:00:43" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/10 09:04:52" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:851-848;iavi:538-535;</attr>
</rec>
- <rec time="2006/11/10 13:16:44" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/10 13:30:27" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/11 08:00:04" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/11 08:12:13" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/12 08:00:02" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/12 08:13:35" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/12 09:04:15" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:852-851;iavi:540-538;</attr>
</rec>
- <rec time="2006/11/12 14:57:57" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/12 15:10:43" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/13 08:00:03" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/13 08:12:36" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/13 09:04:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:541-540;</attr>
</rec>
- <rec time="2006/11/13 12:41:45" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/13 12:54:08" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/14 08:00:04" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/14 08:13:11" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/14 09:04:10" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:854-852;iavi:543-541;</attr>
</rec>
- <rec time="2006/11/15 08:00:04" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/15 09:04:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:544-543;</attr>
</rec>
- <rec time="2006/11/16 08:00:02" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/16 08:14:22" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/16 09:04:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:855-854;iavi:545-544;</attr>
</rec>
- <rec time="2006/11/17 08:00:03" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/17 08:14:22" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/17 09:04:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:546-545;</attr>
</rec>
- <rec time="2006/11/18 08:00:24" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/18 09:05:09" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:856-855;iavi:547-546;</attr>
</rec>
- <rec time="2006/11/18 14:22:13" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\WNAKV1AD\perfectcodec.1355[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Zlob.DS</attr>
</rec>
- <rec time="2006/11/18 14:22:28" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\1G9XB8Y6\perfectcodec.1355[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Zlob.DS</attr>
</rec>
- <rec time="2006/11/18 14:23:09" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\1G9XB8Y6\perfectcodec.1355[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Zlob.DS</attr>
</rec>
- <rec time="2006/11/18 14:23:28" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\S5IT6IE2\perfectcodec.1355[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Zlob.DS</attr>
</rec>
- <rec time="2006/11/18 14:24:27" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\S5IT6IE2\perfectcodec.1355[2].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Zlob.DS</attr>
</rec>
- <rec time="2006/11/18 14:25:39" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\1G9XB8Y6\perfectcodec.1355[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Zlob.DS</attr>
</rec>
- <rec time="2006/11/18 14:25:54" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\WNAKV1AD\perfectcodec.1355[1].exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Zlob.DS</attr>
</rec>
- <rec time="2006/11/19 08:00:03" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/19 08:15:30" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/19 09:04:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:548-547;</attr>
</rec>
- <rec time="2006/11/19 23:10:40" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:858-856;iavi:550-548;</attr>
</rec>
- <rec time="2006/11/19 23:11:12" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/19 23:24:38" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/20 08:00:05" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/20 08:13:37" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/20 09:04:12" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:859-858;iavi:551-550;</attr>
</rec>
- <rec time="2006/11/21 08:00:03" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/21 09:04:10" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:860-859;iavi:553-551;</attr>
</rec>
- <rec time="2006/11/22 08:00:05" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/22 08:14:57" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/22 09:04:12" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:862-860;iavi:556-553;</attr>
</rec>
- <rec time="2006/11/22 18:51:46" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\girrcydc.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Generic2.AVS</attr>
</rec>
- <rec time="2006/11/22 18:51:53" user="Compaq_Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\girrcydc.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/11/22 18:52:16" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\jipieqcs.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Generic2.AVS</attr>
</rec>
- <rec time="2006/11/22 18:52:18" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\xdzazvrf.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Generic2.AVS</attr>
</rec>
- <rec time="2006/11/22 18:52:18" user="Compaq_Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\jipieqcs.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/11/22 18:52:22" user="Compaq_Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\xdzazvrf.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/11/22 18:52:35" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\qpwxbcwq.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Generic2.AVS</attr>
</rec>
- <rec time="2006/11/22 18:52:37" user="Compaq_Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\qpwxbcwq.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/11/22 19:05:06" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/22 19:06:42" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\miunst_.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic2.JDK</attr>
</rec>
- <rec time="2006/11/22 19:07:43" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\WY78QJ7D\n[1].anr</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Exploit.Downloader</attr>
</rec>
- <rec time="2006/11/22 19:07:59" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\XF83XT25\e[1].anr</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Exploit.Downloader</attr>
</rec>
- <rec time="2006/11/22 20:24:08" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:863-862;iavi:557-556;</attr>
</rec>
- <rec time="2006/11/22 20:24:27" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/22 20:26:09" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\miunst_.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic2.JDK</attr>
</rec>
- <rec time="2006/11/22 20:27:20" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\WY78QJ7D\n[1].anr</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Exploit.Downloader</attr>
</rec>
- <rec time="2006/11/22 20:27:37" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\XF83XT25\e[1].anr</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Exploit.Downloader</attr>
</rec>
- <rec time="2006/11/23 08:00:04" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/23 08:01:45" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\miunst_.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic2.JDK</attr>
</rec>
- <rec time="2006/11/23 08:02:54" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\WY78QJ7D\n[1].anr</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Exploit.Downloader</attr>
</rec>
- <rec time="2006/11/23 08:03:08" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\XF83XT25\e[1].anr</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Exploit.Downloader</attr>
</rec>
- <rec time="2006/11/24 08:00:02" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/24 08:01:40" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\miunst_.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic2.JDK</attr>
</rec>
- <rec time="2006/11/25 08:00:21" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/25 08:09:42" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\miunst_.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic2.JDK</attr>
</rec>
- <rec time="2006/11/25 09:04:11" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:866-863;iavi:561-557;</attr>
</rec>
- <rec time="2006/11/26 09:40:05" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/26 09:42:25" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\miunst_.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic2.JDK</attr>
</rec>
- <rec time="2006/11/26 09:56:30" user="Compaq_Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2006/11/26 10:59:06" user="Compaq_Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/11/26 11:01:31" user="Compaq_Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\miunst_.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic2.JDK</attr>
</rec>
</history>
Please Download HijackThis
Save HijackThis.exe to your desktop.
Create a new folder named HijackThis on your desktop. Move HijackThis.exe into that folder.
Run HijackThis.exe
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required, so fixing entries before the log has been reviewed can break Windows or programs you rely on.
Scan saved at 4:11:27 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\AOL\1157851688\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\*********\********* Personal Firewall\*********.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwfLYZRZ8Id0XVhUSDF0KyIMZHi7Q6m63ZN5sdYDlmFsG1pF5hOnFW2fRR+jkb0FxbZW85G70eBfmlYDpZivLiEBWOHwfNN7tcGeLZLw4R0fc=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Program Files\*********\********* Personal Firewall\PopUpKiller.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157851688\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [*********] C:\Program Files\*********\********* Personal Firewall\*********.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk762YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\*********\********* personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\*********\********* personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\*********\********* personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\*********\********* personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\*********\********* personal firewall\netdog.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
I was having the same problem, so I followed these steps in the hope that you could help me too!
Logfile of HijackThis v1.99.1
Scan saved at 6:04:36 PM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 156.63.20.95:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://swgbetareg.station.sony.com/soesysinfo.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38F24A99-7FC2-45D2-A5B9-D0B6085360BF}: Domain = gateway.2wire.net
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)