Full Version: I deleted wrong stuff after HT
Suggest A Fix PC Support Forums > Security > Malicious Code: Viruses, Trojans, Spyware and Browser HiJacking
my1stname
1) I used HT and below are some logs. I don't have the original pre-messup log because HT automatically overwrites old logs. Is there a way to automatically name logs by time or do you have to do it manually?

2) I put some items in the Ignore list and then accidentally deleted one from it, in trying to return it to the main list. I think it was c:\windows\system32\igfxtray.exe, which is a necessary file for my processor by Intel. It is still listed in Msconfig's startup tab and in the registry \Run but does not show up in Task Manager even after I try to start the task in Task Manager. And it does not show up in HT logs. An HT log is below.
a) How do I get it back?
b) Can you "undo" in HT?



Below is the log:

Logfile of HijackThis v1.99.1
Scan saved at 4:19:52 PM, on 5/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CallWave\IAM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\SecurityTools\HijackThis\HijackThis1991.exe
C:\WINDOWS\system32\msiexec.exe

N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.youravon.com/"); (C:\Documents and Settings\Hoor Siddiqui\Application Data\Mozilla\Profiles\defaultvvq7pst.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Hoor Siddiqui\Application Data\Mozilla\Profiles\defaultvvq7pst.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - (no file) (HKCU)
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.bhgpr.com/CFIDE/classes/CFJava.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/26139bb66d8809ff3e22/...tzip/RdxIE2.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://www.rimfiremedia.com/code//PWActiveXImgCtl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusin...nfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BEF4FD9-E76E-4D57-9ACE-BB36511735E6}: NameServer = 207.172.3.8 207.172.3.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BEF4FD9-E76E-4D57-9ACE-BB36511735E6}: NameServer = 207.172.3.8 207.172.3.9
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll



3) I tried to get rid of the O17s but my system didn't work so I put them back. I got rid of a few other things but now my system is EXTREMELY slow, like Windows 3.1! Here is the latest log. If you'll notice, c:\windows\system32\cntfy.exe is gone. Does anyone know what it's for and how to start it? c:\windows\system32\msiexec.exe is also gone but that is an installer and I think it's OK whether it's in the log or not. I got rid of some of the O16s but maybe I shouldn't have?


Logfile of HijackThis v1.99.1
Scan saved at 9:15:28 AM, on 5/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\SecurityTools\HijackThis\HijackThis1991.exe

N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.youravon.com/"); (C:\Documents and Settings\Hoor Siddiqui\Application Data\Mozilla\Profiles\default\9vvq7pst.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Hoor Siddiqui\Application Data\Mozilla\Profiles\default\9vvq7pst.slt\prefs.js)
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusin...nfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O16 - DPF: {D92AE2EA-6C7E-4319-823F-70C9C2DA997D} -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
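A small log parser, added here as an example and not part of this thread or of HijackThis itself: it derives a timestamped file name from the "Scan saved at" header (question 1) and diffs the May 11 and May 12 scans to list which running processes and entries disappeared or changed between them (question 3). The embedded log text is a constructed subset of the two logs posted above.

```python
# Added example (not from the thread): parse HijackThis 1.99.1 logs, name a log by scan time,
# and diff two scans to see which processes and entries disappeared or changed.
import re
from datetime import datetime
HEADER_RE = re.compile(r"Scan saved at (\d{1,2}:\d{2}:\d{2} [AP]M), on (\d{1,2}/\d{1,2}/\d{4})")
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")            # N2 - ..., O4 - ..., O16 - ..., O23 - ...
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_hjt_log(text):
    """Return (scan datetime, set of running processes, {entry key: full entry line})."""
    scan_time, procs, entries, in_procs = None, set(), {}, False
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.search(line)
        if m:
            scan_time = datetime.strptime(f"{m.group(2)} {m.group(1)}", "%m/%d/%Y %I:%M:%S %p")
        elif line == "Running processes:":
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False
            # Key by the text up to the CLSID so an O16 line that lost its name and URL
            # still pairs with its earlier version instead of reading as one gone + one new.
            g = GUID_RE.search(line)
            entries[line[:g.end()] if g else line] = line
        elif in_procs and line:
            procs.add(line.lower())
    return scan_time, procs, entries

def archive_name(log_text):
    """Timestamped name such as hijackthis_20050511_161952.log, so a new scan never overwrites."""
    return parse_hjt_log(log_text)[0].strftime("hijackthis_%Y%m%d_%H%M%S.log")

def diff_logs(old_text, new_text):
    _, p0, e0 = parse_hjt_log(old_text)
    _, p1, e1 = parse_hjt_log(new_text)
    return {"procs_gone": sorted(p0 - p1), "procs_new": sorted(p1 - p0),
            "entries_gone": sorted(e0.keys() - e1.keys()),
            "entries_new": sorted(e1.keys() - e0.keys()),
            "entries_changed": sorted(k for k in e0.keys() & e1.keys() if e0[k] != e1[k])}

# Constructed excerpts of the two logs posted above (a few lines each, not the full logs).
LOG_MAY11 = r"""Scan saved at 4:19:52 PM, on 5/11/2005
Running processes:
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
"""
LOG_MAY12 = r"""Scan saved at 9:15:28 AM, on 5/12/2005
Running processes:
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
"""
```

Running `diff_logs(LOG_MAY11, LOG_MAY12)` on the excerpts reports wscntfy.exe as the process that is gone and the bitdefender O16 entry as changed rather than removed.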
Angoid
Hi my1stname,

You're running HijackThis from a sensible location, so it should have created backups for every item you fixed (unless you deleted them).

If you've deleted them, undelete from the recycle bin. If they're gone, they're gone for good otherwise.

Try this: Run HijackThis, and click the Config button (in the bottom right hand cluster of buttons). Then on the next screen click on Backups.

Check the items you need to restore and click on Restore.

Exit HijackThis and reboot your system.
my1stname
Thanks. These aren't items I've "fixed" so they are not in the Backups list. I checked anyway. Items deleted from HT are not sent to the Recycle Bin because they are not standard files. I've checked anyway. I want to know where items you Delete from the Ignore list go. And if there is a way to Undo.