1051.

Solve : Mother Board replacement?

Answer»

My system's board needs to be replaced. Can I use the operating system CD that was shipped with it to reinstall the operating system after replacing the board? It's XP.

Double Post.
See your other Topic for replies.
Topic Closed.

1052.

Solve : Annoying Popups?

Answer»

I'm suspecting my dad has been on a dodgy site and now, shizzle loads of "Your system is affected with the latest version of spyware, download our anti virus now"

I've run Norton Anti Virus and fixed everything it's found
I've run Windows Defender and fixed everything that that found
I've run SpyBot S&D and fixed everything that that found

And it's still popping up saying I need to install a virus affected anti virus

Is there any way apart from formatting the C:/ that will get rid of this as it's starting to really piss me off now

Thanks

Quote from: Useless on October 20, 2007, 03:27:08 PM

I've run Norton Anti Virus and fixed everything it's found
I've run Windows Defender and fixed everything that that found
I've run SpyBot S&D and fixed everything that that found

And it's still popping up saying I need to install a virus affected anti virus

I assume you didn't run them in Safe Mode. You should go into Safe Mode and scan your computer again, if you haven't already.

Instructions for getting into Safe Mode.

Posting your HijackThis (http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html) log back here may be helpful...

Quote from: dairyman on October 20, 2007, 05:29:46 PM
Quote from: Useless on October 20, 2007, 03:27:08 PM
I've run Norton Anti Virus and fixed everything it's found
I've run Windows Defender and fixed everything that that found
I've run SpyBot S&D and fixed everything that that found

And it's still popping up saying I need to install a virus affected anti virus

I assume you didn't run them in Safe Mode. You should go into Safe Mode and scan your computer again, if you haven't already.

Instructions for getting into Safe Mode.

I haven't, I will when I get in tomorrow

Well if the PC is asking you to install something then install it.

READ mate!!!!
LISTEN !!!!!!!!



Unfortunately, not all "advice" is worth listening to...  —CBMatt

Quote from: dos nerd on October 25, 2007, 03:24:07 AM
Well if the PC is asking you to install something then install it.
Whatever you do DO NOT follow this advice.

The persistent pop ups you report in post #1 are almost undoubtedly fake - as you no doubt realise - and will make your system worse if you do what they "advise".

Much malware tries to goad the user into downloading something that does more harm than good.

Before you do anything else follow Broni's recommendation ... scan your system with HJT and post the resulting log file report here.

More specific advice will follow to help fix the problem you have.


OJ

Quote from: dos nerd on October 25, 2007, 03:24:07 AM
Well if the PC is asking you to install something then install it.

This isn't the PC telling you to install AV software, it is the virus itself!

I finally fixed it, I ended up downloading a trial of BitDefender, that did the trick

*hails Bit Defender*

BitDefender is awesome but you should still read this post to ensure everything is gone.

1053.

Solve : help with virus please?

Answer»

Hi

I had windows antivirus 2009 on my computer.
I have followed the 6 steps outlined in -
'Read this before requesting malware removal help' topic.

I have attached the three logs onto my post.

I would be grateful for some advice on what to do next.

Just let me know if you need to know anything else about my computer.

Thank you.

[Saving space - attachment deleted by admin]

Additional useful information:

Operating system:  Windows XP
Computer: Fujitsu Siemens
Service Pack 2

Currently using my computer in safe mode with networking.

Download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here, along with a fresh new HijackThis log.  Note: Don't click on the window while it's running; this may cause stalls.

Hi,
Here are my logs for combofix and a new hijackthis.



[Saving space - attachment deleted by admin]

Okay, it's looking a little better, but there are still a couple of things we need to try...

Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
Run ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.



Then... Run the ESET Online Scanner and attach the ScanLog with your post.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Scan unwanted applications is checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log along with a new HijackThis log.

1054.

Solve : recommend??

Answer»

Can anyone recommend a good free spyware program to download.... I downloaded spywarebot, it said I had tons of viruses but I didn't want to pay to remove them... any recommendations?

- Spybot - http://www.safer-networking.org/
- Ad-aware - http://www.lavasoftusa.com/
- Advanced WindowsCare - http://www.download.com/Advanced-WindowsCare-Personal/3000-2086-10407614.html
- Spyware Terminator (real time protection) - http://www.spywareterminator.com/

Also be sure to uninstall Spywarebot.

It is on the Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites

Quote from: EVILFANTASY on October 29, 2007, 11:31:08 PM

Also be sure to uninstall Spywarebot.

It is on the Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites
Agreed.  Spywarebot is a rogue program intended to scam you out of money.  A lot of people tend to fall for it because it uses a name very similar to Spybot, which you should definitely have (the link is in Broni's post).  It's a great program and it's free.  Another good one you should have is SUPERAntiSpyware.  Also free.  I would suggest having those two and Ad-aware.  But it's entirely up to you, of course.

1055.

Solve : ultraVNC 1.0.2 RAT !!!?

Answer»

Every time when I scan with Norton antispy software of Yahoo toolbar, then I get an error that ultra vnc1.0.2, category RAT, recommendation to remove. But the problem is that it can't be removed by any means; it shows that it is in my registry like that: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VNCCOM
something written in this manner
 name - "next instance"  type - "reg_dword"  data - "0x00000001(1)"
is in right hand box
Pls tell me what is that and how can I rule out this.

Ultra VNC is software that allows your computer to share itself and control with another user. I use it for IT purposes. However what you have is a Malware

A Remote Administration Tool (RAT) is a program that creates a client in the attacker machine and a server in the attacked machine, giving the ability to remotely administer an attacked machine.

So to resolve your issue you need software designed to remove the RAT. I believe you can find it here:

http://www.econsultant.com/spyware-database/how-to-remove-rat.html

1056.

Solve : Display Settings....?

Answer»

I recently installed utorrent in my system....(Win XP)

from then I could not able to see control panel nor I could able to adjust display properties.....

Do you have a solution for this problem??

Wrong forum,  but hopefully some mod will move it...

Tried System Restore?
After installing utorrent, how much stuff did you download? How is your security protection?

Sorry for posting in wrong forum...

Tried system restore....

downloaded 160mb after installing utorrent....

Quote

How is your security protection?
Firewall, antivirus, antispyware...
Do you have Windows XP CD, or Recovery CD?

I have AVG anti virus installed and it could not detect it....

I do not have xp cd/ recovery cd...

Quote
I could not able to see control panel nor I could able to adjust display properties..
Everything else works OK? Do you have firewall up?
Get HijackThis: http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html
and post its log back here...
Maybe, you posted in right forum...hmmmm

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:04:23 AM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\proper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\opnkllm.dll (file missing)
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - Startup: infos.exe
O4 - Global Startup: autos.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14614E83-42B2-4325-8949-164141D23A4A}: NameServer = 10.0.0.1,202.54.6.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{3996AAFB-5A5F-4060-AFBA-D29253B6AF1D}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDA597E-22C6-490A-A478-D427832946C8}: NameServer = 202.54.12.164,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBEF74EB-5EE5-4440-B6F4-20580D9E7EA3}: NameServer = 202.88.174.6,202.88.174.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{14614E83-42B2-4325-8949-164141D23A4A}: NameServer = 10.0.0.1,202.54.6.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{14614E83-42B2-4325-8949-164141D23A4A}: NameServer = 10.0.0.1,202.54.6.50
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O20 - Winlogon Notify: opnkllm - opnkllm.dll (file missing)
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll (file missing)
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\pqgupupq.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SuperProServer - Unknown owner - spnsrvnt.exe (file missing)

--
End of file - 7319 bytes

You have quite a few bad guys there. I'll be back in an hour, or so to take closer look...
You didn't answer my question about firewall...

Broni is correct, you have a nasty one on there.

But your copy of HijackThis is the old Beta version so for future scans you will want to use the updated version. http://filehippo.com/download_hijackthis/

1. Print out these instructions as we will need to close every window that is open later in the fix.

2. Download SmitfraudFix.exe from here and save it to your desktop:

http://www.bleepingcomputer.com/files/smitfraudfix.php

3. Next, please reboot your computer into Safe Mode by doing the following:

   a. Restart your computer

   b. Start tapping F8 key

   c. A menu will appear

   d. Select the first option, to run Windows in Safe Mode.

4. Close all open Windows.

5. Now, double-click on the SmitFraudfix icon.

6. When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.

7. You will now see a menu. Press the number 2 on your keyboard and then press the Enter key to choose the option Clean.

8. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program.
This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up a long time depending on your computer, so please be patient. When it is complete, it will close automatically and you should continue with next step.

9. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the Enter key.

10. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.

11. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer.
Save that log to your desktop, and attach it to your next reply.

I could not get the log file for this but..... now my system is perfect......
thank u so much Broni

Quote from: hidinu on November 18, 2007, 10:32:23 PM
I could not get the log file for this but..... now my system is perfect......
thank u so much Broni

Wow. That was quick.

Quote
I could not get the log file for this but
Why would that be?

I still need to see your new HJT log to make sure you're clean.

Here is the log file......

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:28:00 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Everstrike Software\Lock Folder XP 3.3\LF30.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\soft ware\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\opnkllm.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\devadwp.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14614E83-42B2-4325-8949-164141D23A4A}: NameServer = 10.0.0.1,202.54.6.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{3996AAFB-5A5F-4060-AFBA-D29253B6AF1D}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDA597E-22C6-490A-A478-D427832946C8}: NameServer = 202.54.12.164,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBEF74EB-5EE5-4440-B6F4-20580D9E7EA3}: NameServer = 202.88.174.6,202.88.174.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{14614E83-42B2-4325-8949-164141D23A4A}: NameServer = 10.0.0.1,202.54.6.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{14614E83-42B2-4325-8949-164141D23A4A}: NameServer = 10.0.0.1,202.54.6.50
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O20 - Winlogon Notify: opnkllm - opnkllm.dll (file missing)
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll (file missing)
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\pqgupupq.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SuperProServer - Unknown owner - spnsrvnt.exe (file missing)

--
End of file - 7220 bytes
Looking at your HJT log, I suspect, you didn't really run SmitfraudFix.exe, as advised in my previous post.
Please, follow my previous instructions, and run it now.
Don't forget to attach its log.
I can't proceed any further, before I see that log.

You, also didn't answer my question, if you're running any firewall.
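
Comparing the two logs posted in this thread, as an added example that is not part of the original posts: the Python below diffs two HijackThis logs and lists which entries were removed, added, or are still present after a clean-up attempt. The sample lines are excerpts copied from the logs above; the function names and the review heuristics in `review_flags` are assumptions of this example, meant to mark entries for a closer look, not to deliver a verdict.

```python
import re

# A HijackThis entry line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpts copied from the first log in the thread (not the full log).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:04:23 AM, on 11/18/2007
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll (file missing)
"""

# Excerpts copied from the second log in the thread (not the full log).
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:28:00 PM, on 11/20/2007
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\devadwp.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll (file missing)
"""


def parse_entries(log_text):
    """Map a case-insensitive key to the original (section, detail) pair.

    Header lines and the "Running processes" list do not match ENTRY_RE
    and are skipped. Windows paths are case-insensitive, so the key is
    casefolded to avoid reporting c:\\ vs C:\\ as a change.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, detail = m.group(1), m.group(2).strip()
            entries[(section, detail.casefold())] = (section, detail)
    return entries


def compare_logs(before_text, after_text):
    """Return entries removed, added and persisting between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": [before[k] for k in sorted(before.keys() - after.keys())],
        "added": [after[k] for k in sorted(after.keys() - before.keys())],
        "persisting": [after[k] for k in sorted(before.keys() & after.keys())],
    }


def review_flags(section, detail):
    """Heuristics (assumptions of this example) marking an entry for review."""
    low = detail.casefold()
    flags = []
    if "(file missing)" in low:
        flags.append("target file missing")
    if section == "F2" and "shell=" in low:
        # Anything listed after Explorer.exe also starts with the shell.
        if len(low.split("shell=", 1)[1].split()) > 1:
            flags.append("extra program in Shell= value")
    if section == "O7" and "disableregedit=1" in low:
        flags.append("registry editor disabled by policy")
    if section == "O20" and low.startswith("appinit_dlls:"):
        if low.split(":", 1)[1].strip():
            flags.append("AppInit_DLLs is set")
    return flags


def persisting_flagged(before_text, after_text):
    """Entries present in both scans that also match a review heuristic."""
    result = []
    for section, detail in compare_logs(before_text, after_text)["persisting"]:
        flags = review_flags(section, detail)
        if flags:
            result.append((section, detail, flags))
    return result


if __name__ == "__main__":
    diff = compare_logs(LOG_BEFORE, LOG_AFTER)
    for label in ("removed", "added"):
        for section, detail in diff[label]:
            print(f"{label:>10}: {section} - {detail}")
    for section, detail, flags in persisting_flagged(LOG_BEFORE, LOG_AFTER):
        print(f"persisting: {section} - {detail}  [{'; '.join(flags)}]")
```
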
1057.

Solve : D:/ Virus? Please help~!?

Answer»

Hi. I'm really new to the forums *like... today is my first time?* so, I don't really know where I should be posting this...

I've been having some really odd problems with my computer. It's a nice computer with a lot of Harddrive space (1.0 GB) and a decent processor (sorry, I don't know the number and I can't check...). Thus, it should be really fast and efficient.

The problems started a long time ago, it'd take almost 15 minutes after starting or restarting before it was useable. Loading times were outrageous when programs started, and I suffered massive lags while playing games...

I didn't take action until I did a virus scan and noticed a Trojan virus on my D: drive. The program said that it was unable to remove the virus and suggested to scan before Windows booted up. So I set it up to do so and went to bed.

When I woke up a few hours later, I noticed the slow progress of the scan had barely progressed to 69%. I figured I'd wait it out until the rest, and waited. And waited. And waited. I left the room, and came back about twenty minutes later to find it had reset to 0%. I thought maybe it had moved on to a different file *although everything read the same but the percentage* and waited it out. Until it stayed on 23% for over an hour.

Finally, I decided to wipe out all the data. Start new. I made copies of everything I wanted to keep, and went into the System Restore and chose the function to wipe the memory and start over as it came from the factory.

The process was running smoothly and said it would take 15 minutes. It's been roughly over two and a half hours at 78%, claiming that less than a minute remains.

I don't know what to do.

I'm scared to turn off the computer, because I don't know what the result will be. Will they return to how they were before I attempted to flush the system? Or will it be some half-flushed unable to function mess?

Even if it ~does~ go back to how it was... how do I fix this?!

I'm considering spending the $200+ trip to Geek Squad and have them service it... but I'm a college student hurting for the money...

Suggestions? Help would be extremely appreciated.

~ A

Couple of things:
1. You don't state what Windows version.
2. Quote

Harddrive space (1.0 GB)
I assume, you are talking about an amount of RAM, you have. Right?
3. Quote
I did a virus scan
...using what program?
4. Quote
System Restore and chose the function to wipe the memory and start over as it came from the factory
...I assume, it wasn't Windows System restore, but your computer manufacturer Recovery CD. Right? What is your computer make, and model?
5. Quote
I'm considering spending the $200+ trip to Geek Squad and have them service it
...You may want to hold on to those $200, for now.

Quote from: Broni on October 11, 2007, 01:09:06 PM
Couple of things:
1. You don't state what Windows version.

I'm using Windows XP.

2. Quote
Harddrive space (1.0 GB)
I assume, you are talking about an amount of RAM, you have. Right?

That would be correct.

3. Quote
I did a virus scan
...using what program?

I don't own any Virus scans, so use download.com to get free 30 day trials. The program that detected the virus was McAfee.

4. Quote
System Restore and chose the function to wipe the memory and start over as it came from the factory
...I assume, it wasn't Windows System restore, but your computer manufacturer Recovery CD. Right? What is your computer make, and model?

I actually did do the System Restore. Or the feature by pushing F10 when the computer is restarting? It's still actually on the same percentage -now- as it was when I posted....
My computer is an HP Pavilion a1130n. At least, I'm hoping that is the computer model?

5. Quote
I'm considering spending the $200+ trip to Geek Squad and have them service it
...You may want to hold on to those $200, for now.

I don't know how else to fix this? It is still on the system restore process with no way of canceling. Will turning the computer off and restarting mess with it? I'm scared that something will happen. It started at point A and isn't going to end at point B - I'm nervous about restarting because it could either revert to point A which would be ideal, or revert to some point halfway between and could be horrid?

I wish, everyone answers question, as nicely, as you did

Quote
I don't own any Virus scans
This is UNACCEPTABLE!!!
When everything is said, and done, get a free version of AVG: http://free.grisoft.com/

I assume, you don't have Windows XP CD, since they don't give it away these days, but do you have HP Recovery CD, or they don't provide it, either?

Hold on to that recovery process for little longer, and post back about its progress...

Quote from: Broni on October 11, 2007, 03:34:11 PM
I wish, everyone answers question, as nicely, as you did

Thanks. ^_~

Quote
Quote
I don't own any Virus scans
This is UNACCEPTABLE!!!
When everything is said, and done, get a free version of AVG: http://free.grisoft.com/

I've heard about that... and was planning on installing that when I get this worked out. But thank you for the link~!

Quote
I assume, you don't have Windows XP CD, since they don't give it away these days, but do you have HP Recovery CD, or they don't provide it, either?

Considering I don't know when I got the virus, I'm scared to go back to the Recovery Discs that I made a year back. My computer was still a little slow back then - even when it really shouldn't be. I'd hate to 'fix' my computer only to bring back the problem....

Quote
Hold on to that recovery process for little longer, and post back about its progress...

Well, I haven't done anything with it and it's still been running all day. It's still lingering on 78% with 'less than one minute remaining'. Although... it's been saying that for over thirteen and a half hours....

One of my friend's friends offered to take a look at it, so I think I'm going to take him up on it. If he can fix it, I'll certainly post what he did to fix this. And if he can't, then I'll still post what he did so hopefully we can figure this out~!

Thank you for your help. Any more suggestions would still be appreciated~! ^_^


Quote
It's still lingering on 78% with 'less than one minute remaining'.
You better not interrupt it, yet, since as I can see, you have an access to another computer.
At least wait until your friend comes, or report any further progress.
1058.

Solve : Need help with my comp...?

Answer»

Quote from: oaparicio on October 03, 2007, 08:45:09 PM

Ok, tried to install SP2 again.  It still says that the comp is in an unstable state.  The installation gets interrupted half-way through it.

That may be because you haven't installed SP1 yet.  SP1 is an important update and without it, you're fairly vulnerable.  Click here: http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
Apply the update, reboot, and post a fresh HijackThis log.

SP2 needs to be installed on a clean system, so please don't try to install it until I give you the clearance.

I thought I already installed it, but will install it again... I'll post the HijackThis when I install it again.

OK, this is weird... came home today. Ran HijackThis and it said that I have SP2 installed? Huh? But it did not complete the installation for it yesterday. OK, so I followed the link you supplied. And tried to re-install SP1: "Setup has detected that the service pack version is newer than the update you are applying to it.  You can only install this update on Service Pack 1." So I ran HijackThis and it said I have SP2 installed. Ooooookay. So I wanted to make sure, so I tried to get into Control Panel... Windows Explorer encounters an error, needs to shut down. I notice on Task Manager that dwwin.exe runs as soon as I try to get into Control Panel. Dr. Watson, I believe... OK, so here is the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:29 PM, on 10/4/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-SPYWARE 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\LTSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
I:\new\backup\2007\office\mico\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\new\backup\2007\office\mico\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [GrooveMonitor] "I:\new\backup\2007\office\mico\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\new\backup\2007\office\mico\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\new\backup\2007\office\mico\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\new\backup\2007\office\mico\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://s09ggems01.gsa.gov/iNotes6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776344968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189776520859
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4876/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\new\backup\2007\office\mico\Office12\GR99D3~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - c:\program files\mcafee\mcafee firewall\CPD.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14944 bytes

HJT shows you without any SP, but it shows that you have IE6 SP2.  It could be a problem with your OS or it could just be a bug.  Out of curiosity, try running this slightly older version of HijackThis that is more stable:
http://merijn.org/files/HijackThis.exe

Also, do you have a shiny official Windows CD for your computer?

Logfile of HijackThis v1.99.1
Scan saved at 9:50:51 AM, on 10/6/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\LTSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
I:\new\backup\2007\office\mico\Office12\GrooveMonitor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\vstudio.exe
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\vstudio.dat
C:\Documents and Settings\Oscar\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\new\backup\2007\office\mico\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (file missing)
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [GrooveMonitor] "I:\new\backup\2007\office\mico\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\new\backup\2007\office\mico\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\new\backup\2007\office\mico\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\new\backup\2007\office\mico\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://s09ggems01.gsa.gov/iNotes6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776344968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189776520859
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.groups.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4876/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\new\backup\2007\office\mico\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - c:\program files\mcafee\mcafee firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

And all I have are the recovery CDs for the comp. Nothing else. Nope, wasn't able to get one.

Without SP1 or 2 and the inability to do updates this could be an exercise in futility...
SP2 is not just a security fix, it is a major OS upgrade.
I would look into alternatives to getting it installed ASAP.

1059.

Solve : Keep getting Microsoft error boxes?

Answer»

They are HUGE (70% of the screen) and have about blank beneath it. I was told to do a hijackthis and post it here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:29 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\GRISOFT\AVG7\avgcc.exe
D:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\Program Files\IE New Window Maximizer\iemaximizer.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\John Matthews\My Documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bigblueheaven.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [IE New Window Maximizer] D:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 3660 bytes

Let me take a look...

It's perfectly clean...
Now, we can go back to your original thread.

1060.

Solve : Hijack This logfile, please check?

Answer»

I was recently doing some googling for printers, clicked on something that seemed perfectly legit, and wham! It directed me to one of those "your computer is infected with spyware, we are currently scanning your computer for all the latest security risks yadda yadda yadda..." sites.

When I tried to use the back button, a dialog box popped up and without reading what it said completely, I clicked ok. I was then directed back to Google.

Within a few seconds Norton Internet Security popped up from the bottom right hand corner of my screen, like it always does, saying that it blocked a security intrusion from such and such a site, like usual.

Soooo, just to be on the safe side, I thought I'd post a HijackThis logfile for your reviewing, thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:25 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Administrator\My Documents\Side bar\New Folder\Norton setup\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

rest of logfile to follow...

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/prodinfo46/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172528495187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8974 bytes


thanks for your consideration and time

Let me take a look...

It looks like Norton saved your bacon... You are clean.
There is one line (just cosmetic change):
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Open HJT, put a checkmark next to the above line, and click "Fix it" button.
Good luck.

thanks, it's nice to know for sure.

I made the change you suggested and my log is now as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:55 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\WinTV\WinTV2K.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Side bar\New Folder\Norton setup\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/prodinfo46/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172528495187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8931 bytes
Perfect
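
The reply in this thread picks out one entry by eye, a BHO whose target is `(no file)`, and the poster's second log confirms it is gone. As an added example (not part of the original thread and not HijackThis's own code), the Python below parses pasted log text, flags such entries, and diffs a before/after pair; the line pattern is inferred from the logs on this page, and `parse_entries`, `review_notes`, `findings` and `removed_entries` are hypothetical names.

```python
import re
from dataclasses import dataclass

# Entry lines look like "<code> - <detail>", e.g. "O2 - BHO: ...".
# Assumption: this pattern is inferred from the logs posted on this page,
# not taken from a HijackThis format specification.
ENTRY_RE = re.compile(r"\b([RO]\d{1,2}) - (.+)$")


@dataclass(frozen=True)
class Entry:
    code: str    # section code such as R0, O2, O4, O23
    detail: str  # everything after "<code> - "


def parse_entries(log_text):
    """Return the R*/O* entries of a pasted log, in order of appearance."""
    entries = []
    for line in log_text.splitlines():
        # search(), not match(): forum pastes sometimes glue an entry onto
        # prose, as in "rest of logfile to follow...O4 - Global Startup: ...".
        m = ENTRY_RE.search(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def review_notes(entry):
    """Return reviewer notes for one entry; an empty list means nothing to flag."""
    notes = []
    d = entry.detail
    if d.endswith("(no file)"):
        notes.append("orphaned: entry points at no file")
    if d.endswith("(file missing)"):
        # On this page every such line also has a stray quote and arguments
        # in the path, so confirm on disk before treating the file as gone.
        notes.append("target reported missing: verify on disk")
    if entry.code == "O23" and " - Unknown owner - " in d:
        notes.append("service binary reports no owner")
    return notes


def findings(log_text):
    """Return (entry, notes) pairs for every entry that has at least one note."""
    pairs = [(e, review_notes(e)) for e in parse_entries(log_text)]
    return [(e, n) for e, n in pairs if n]


def removed_entries(before, after):
    """Entries present in the first log but absent from the second."""
    after_set = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in after_set]


# Sample input: lines excerpted from the logs posted on this page.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
rest of logfile to follow...O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: McAfee Firewall - Unknown owner - c:\program files\mcafee\mcafee firewall\CPD.EXE" /SERVICE (file missing)
"""

# Constructed "after" log: the same lines with the orphaned BHO fixed.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "(no file)" not in l)

if __name__ == "__main__":
    for entry, notes in findings(BEFORE):
        print(f"{entry.code}: {entry.detail}")
        for note in notes:
            print(f"    - {note}")
    print("Removed between logs:")
    for entry in removed_entries(BEFORE, AFTER):
        print(f"    {entry.code} - {entry.detail}")
```
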

1061.

Solve : windows xp avg anti virus?

Answer»

A newbie here, I would be grateful for any help you can offer. I am also a complete novice (idiot?) with a computer. To cut a long story short I uninstalled AVG anti virus planning to load an updated version. When I try to download the new version I get Win 32 application messages so presumably I'm trying to download the wrong version. In desperation I tried to download a Microsoft programme that failed 4 hours into the download (I have dial up). I am trying to install any free anti virus software that you would recommend. The computer is a 3 year old Hewlett Packard using Windows XP. Having wasted half of my precious weekend on this I would be truly grateful for any help.

Quote
When I try to download the new version I get Win 32 application messages
not valid Win32 application - is it what you're getting? At what point? During download, or installation?

You're downloading from here: http://free.grisoft.com/doc/2/, right?

Hi Broni and thank you for your interest. I don't remember where I tried to download from except that it was some part of the Grisoft site. So I have tried again using the site you mention. I get a file download security warning, do you want to run or save this file, I press save then get an instant download. Then I get an Internet Explorer security warning, publisher could not be verified are you sure you want to run this file. I press run and then get the w32 message. Sorry if all this seems rather infantile, probably indicative to you of my computer skills, still I suppose we are all experts in our own field so if you have any questions about guitar playing I'm your man! Thanks again for your help. Regards Peter.

Quote
still I suppose we are all experts in our own field so if you have any questions about guitar playing I'm your man!

Any suggestions on playing the 'mu chord ? ?
 

Did you check Add/Remove for AVG to see if there's anything left ? ?
There are posts on the Grisoft Forums about some versions uninstalling stubbornly but your best bet would be to DLoad and run CCleaner which is free and should clean things out for you. After that;
Next DLoad a fresh copy again from Broni's link but don't do anything but save it for now.
Power down and disconnect your modem/router and re-boot.
Then turn off any other protection programs you have including Windows firewall and Live One Care if you have it.
Re-install AVG and re-boot.
If all goes well re-enable the firewall and any other protection programs, power down and hook up your connection and re-boot.

If this method doesn't solve it I would suggest posting a HijackThis log as some malware will prevent installing/updating some protection programs...

Let us know.

Quote
still I suppose we are all experts in our own field so if you have any questions about guitar playing I'm your man!
I always wanted to play some instrument, but I ended up playing with computers...hehehe. At least my kids play something.

Follow patio's instructions, and on a side note:
Quote
do you want to run or save this file
You NEVER, EVER "run", you ALWAYS "save", and if a web site may be questionable, after downloading ALWAYS run a file through antivirus check.
Quote
publisher could not be verified
It's regular M$ crap, so don't worry about it at all.
1062.

Solve : Here is my HijackThis log?

Answer»

Hi,

As per Broni, he wanted me to post my HijackThis log here. Maybe there is something wrong and it is messing with IE.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:54 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\Program Files\Comodo\Firewall\cmdagent.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\Grisoft\AVG7\avgcc.exe
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
H:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
H:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
H:\Program Files\Comodo\Firewall\CPF.exe
H:\Program Files\Winamp\winampa.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\AIM6\aim6.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\AIM6\aolsoftware.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Trillian\trillian.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
H:\Program Files\Outlook Express\msimn.exe
H:\Documents and Settings\Baseball200358\Desktop\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - H:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrueImageMonitor.exe] H:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] H:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "H:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall PRO] "H:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] H:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "H:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "H:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "H:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] H:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - H:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - H:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - H:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5916 bytes
I'll take a look in a moment...

Totally clean...
Now, we can go back to your other post, and try to fix your IE.
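
A helper reading a HijackThis log such as the one above concentrates on a few sections where malware commonly registers itself. The following is an added example, not part of the original thread: it parses log lines and flags unnamed browser helper objects (O2), Run keys that load a system32 DLL through rundll32 (O4) and Winlogon Notify DLLs (O20), then reports files that show up in more than one of those sections. The sample log and every name in it are constructed, and the three rules are illustrative assumptions, not a complete detection set.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample in HijackThis log format (not from a real machine).
SAMPLE_LOG = r"""
O2 - BHO: Example Reader Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\ExampleReader\helper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\system32\exmplaaa.dll
O2 - BHO: (no name) - {33333333-3333-3333-3333-333333333333} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe
O4 - HKLM\..\Run: [ExampleIndexer] rundll32.exe "C:\WINDOWS\system32\exmplbbb.dll",startnow
O20 - Winlogon Notify: exmplaaa - C:\WINDOWS\SYSTEM32\exmplaaa.dll
O23 - Service: Example Update Service (ExUpd) - Example Corp - C:\Program Files\ExampleVendor\upd.exe
"""

# "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.+)$")
# First Windows path in the detail that ends in .dll or .exe
PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)', re.IGNORECASE)
SYSTEM32 = "\\windows\\system32\\"


class Finding(NamedTuple):
    section: str
    reason: str
    path: Optional[str]  # lower-cased so the same file matches across sections


def triage(log_text):
    """Return the log entries that deserve a manual look (assumed rules)."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header lines, process list, blank lines
        section, detail = entry.groups()
        hit = PATH.search(detail)
        path = hit.group(0).lower() if hit else None
        in_sys32 = bool(path) and SYSTEM32 in path

        reason = None
        if section == "O2":
            if "(no file)" in detail:
                reason = "BHO registered but its file is missing"
            elif "BHO: (no name)" in detail and in_sys32:
                reason = "unnamed BHO loaded from system32"
        elif section == "O4":
            if "rundll32" in detail.lower() and in_sys32:
                reason = "Run key starts a system32 DLL through rundll32"
        elif section == "O20" and in_sys32:
            reason = "Winlogon Notify DLL in system32"

        if reason:
            findings.append(Finding(section, reason, path))
    return findings


def correlate(findings):
    """Map each flagged file to its sections, keeping files seen in 2 or more."""
    sections_by_path = defaultdict(set)
    for finding in findings:
        if finding.path:
            sections_by_path[finding.path].add(finding.section)
    return {p: sorted(s) for p, s in sections_by_path.items() if len(s) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(f"{finding.section:>3}  {finding.reason}: {finding.path}")
    for path, sections in correlate(results).items():
        print(f"seen in {', '.join(sections)}: {path}")
```

A flagged entry is a prompt to look the file up, not a verdict: legitimate software also uses rundll32 and Winlogon Notify.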

1063.

Solve : Trouble installing antivirus program?

Answer»

I have Windows XP, and recently switched internet service to att/yahoo, and when trying to download the antivirus protection online (from the same internet provider) I get to the install page. It jumps to a window where it says: unable to navigate the webpage. I am connected to the internet, I have checked all connections, and the last two times I tried to correct the problem with tech support, I guess they do not have an idea since they have not been able to help me so far. I know I can buy it, but since it is free with the package. I did have Norton before but I made sure I uninstalled it before trying to install the Yahoo software.

A better solution:

Anti-Virus
AVG Free
Avast

Choose only one.
Then add the following:

Spybot Search and Destroy

AdAware

AVG Anti-Spyware

CCleaner.

You will now have a well rounded protection package that will perform better than most ISP packages without being a hog on System Resources...

Best of all it's all FREE.

But you have to update and run scans regularly for it to be effective.

Good Luck.

Thanks Patio, I have installed all that you suggested and everything so far has been well. thx.

Excellent news.
I have found most packages that ISPs offer contain a lot of bloat and unnecessary fluff...
I prefer my tools to do just what they were written to do.

Remember to update and scan regularly and you should have no issues at all...

1064.

Solve : free spyware??

Answer»

Is there a free program to get rid of spyware? They all say they are free, but that's just the scan.

SpyBot - Search and Destroy

http://www.download.com/3000-2144-10122137.html

For real time protection, I use two freebies:
- Spyware Terminator (http://www.spywareterminator.com/)
- ADVANCED WindowsCare (http://www.iobit.com/advancedwindowscareper.html)

1065.

Solve : one scan says infected and another one no?

Answer»

Windows XP - Ran a complete scan with Norton and it gives a negative result: no viruses, spam, or spyware. I then ran a Stop Sign free antivirus scan and it gave me a result of 7 cookies and 3 trojans infected, so now I am confused because apparently Norton is one of the best reliable software there is. So which way should I go?

Nah Norton is far from one of the best antivirus programs out there. It is one of the biggest resource hogs and one of the most expensive though.

That being said I wouldn't trust Stop Sign either after reading what other people are saying about it.

If you're looking for a good antivirus program then you should try AVG. It has a good detection rate, doesn't take up a lot of computer resources and it's free.

But since your computer might be infected (according to Stop Sign at least), you might want to scan your computer with an online virus scanner.
Here are links to a couple of good ones:
Kaspersky Online Scanner
F-Secure Online Scanner

Norton and Stop Sign are programs to stay away from. Like Deerpark says, AVG is definitely the way to go.

I certainly hope you haven't given Stop Sign their $99.00...

If so post back...there are ways to convince them to refund it.

Certainly did not give any money to them, thanks to you guys. I went for AVG, Spybot S&D. I have resolved that challenge for now. Thanks again.

Glad we could save you some of your hard earned dough!

AVG is hella yeah better than Norton whatever

1066.

Solve : Computer Security Career?

Answer»

I wish to pursue a career in Computer/Network Security. Can anyone recommend any ways I can learn Computer security, like exploit basics etc.

I understand that this can't be discussed in the forums as I might use the info for illegal purposes and of course I don't support illegal hacking, but I really want to learn now so it makes it easier in the future for me to get a job. Maybe some external links, books etc could be suggested.

With most topics, Google is a great resource...
http://www.google.com/search?hl=en&q=computer+network+security

If you wish to get into this as part of a career, I personally feel that it's best to take a few college courses on the subject.  Especially considering that many computer-related careers require a degree or certificate of some sort anyway.

1067.

Solve : info on antispyware needed..?

Answer»

I wanted to know if there was any antispyware that could detect spyware as soon as it starts accessing my PC, like a virus detector.
I do have Zone Alarm which indirectly solves the problem, but I'd like to have options nonetheless...

Probably the best on the market is Webroot SpySweeper but it's not free. Pest Patrol was also fairly good but that seems to have slipped in the rankings a little. Microsoft's Defender has real time protection and is free but it has quite a few problems. It's built around the now defunct Giant Anti Spyware application and it's still in beta. I neither trust nor would I recommend the Microsoft offering.

Javacool's SpywareBlaster and SpywareGuard are both free and effective, as are Spybot and Ad-Aware. A well maintained HOSTS file will go a long way towards preventing infection.

Kaspersky AV run with its redundant database stops most malware dead in its tracks.

I use Spybot Search & Destroy's Immunize feature. I just found this reference with screen prints and an explanation of how to use Immunize: Preventing spyware with Spybot's Immunize function

Correct me if I'm wrong, but Spybot S&D (which I use) only immunizes attacks against Internet Explorer, not Firefox.

ctrlaltdel, try Spybot Resident Teatimer and/or Prevx (cool name eh?), they will both tell you when something tries to make a change to your computer.
So will WinPatrol, it's very user friendly but the warnings are time delayed.
If I had to pick only 1 program for antispyware I'd choose Spybot at the moment.
Spybot needs to be run in Advanced Mode and fully explored to get the best out of it.

The SpywareBlaster does work with FireFox, FoxFire,....whatever..ya get my meaning.
I use it, along with A2Squared, ZoneAlarm Firewall, & AVG antivirus. All free versions & the only thing I ever find (so far!) are tracking cookies listed sometimes. I run Win 2000Pro/IE

1068.

Solve : Trojan??

Answer»

Hello

I have McAfee total protection (supposedly!) & spybot installed on my son's laptop.

I noticed that he was getting a lot of pop ups even with pop up blockers enabled, specifically a poker one & also a spyware detected (winantispy.com) type which McAfee site advisor detects as red.

Also, the settings in the internet options keep on automatically changing themselves to accept all cookies.

And now, starting today, I can't open most applications like Spybot (nothing happens when I double click).

On startup, McAfee detects & removes a Trojan found in C:\Documents and settings\My Name\Local Settings\Temp\snfjvkte.exe. (I don't seem to be able to locate the folder named Local Settings either) McAfee describes it as generic.dx Trojan (if this helps?).

If I restart the computer, I am quickly able to start spybot but during the scan it terminates itself.

Please can someone advise?

The Local Settings folder is hidden by default, you have to go to Tools > Folder Options > View and select Show hidden files and folders.

Obviously whatever malware that is running in the background is killing Spybot, you can manually download the newest detection updates (spybot_includes.exe) and apply them manually since you can't do it from within the application itself.

Also update McAfee and then boot into safe mode (Hit F8 during startup). Do a full McAfee scan and Spybot scan while in safe mode and remove anything nasty they find.

I also recommend that you download HiJackThis, do a scan and then post the log file here. That way myself or someone else can check to make sure you're clean.

Good luck,
JPH

HijackThis: http://www.spywareinfo.com/~merijn/programs.php

Spybot Detection Updates: http://www.safer-networking.org/en/download/

Wow, that's some brilliant advice! I'll get back to you... thanks!

Ok, so I updated then tried booting in safe mode, but now I have another problem...

In safe mode I can see my desktop for around 5 seconds, then it disappears into blackness & I get the 'windows is running in safe mode' box asking me to select yes/no (no being a restore) I select yes to go into safe mode which returns me to my desktop, but the thing keeps popping back up, interrupting whatever I try to do! It happened about 10 times & in the end I just left it, the box closed itself & now all I have is a black screen with safe mode in the 4 corners & the Microsoft jargon at the top...

This isn't normal is it?

I managed to perform a spybot scan in safe mode which found 33 items, but every time I tried to open McAfee the safe mode pop up interrupted it.

I rebooted after the spybot findings but nothing has changed. I got 2 Trojan removal messages from McAfee & also my cookies security level was set to accept everything again.

I set my privacy to default & a few minutes later got the McAfee pop up saying that a change in the registry has been detected - obviously the little *censored* that's trying to change my cookie settings again.

I also cannot run spybot - but I did do a Hijackthis scan:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\JoyTech\JoytechNeoSTrayIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Louis\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [JOYTECH USB Neo S Controller] C:\Program Files\JoyTech\JoytechNeoSTrayIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hmlpwcpj.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, INC. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
Run another HJT scan and put a check next to the following entry:

O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hmlpwcpj.dll",sitypnow

Click the "Fix checked" button

Now click on Config > Misc Tools > Delete a file on reboot and browse to the following file: C:\WINDOWS\system32\hmlpwcpj.dll

Reboot and see if the problem persists.

* note - system restore might actually be restoring malware and that might be what McAfee keeps detecting. You should turn off system restore until you're clean.

Please post another HJT log file, but this time, before you do, rename HijackThis.exe to something else; some malware will hide itself from the HijackThis.exe process.

- JPH

Thanks for all your help so far JPH, I really appreciate this...

Ok, I did what you said, only when I selected Delete a file on reboot HJT just closed. It only allowed me access that tool after renaming HJT but then I couldn't locate the file hmlpwcpj.dll (in fact, there were no files shown in the system folder) so I entered the path manually instead.

I rebooted & same thing... privacy settings changed & 2 Trojan alerts, but I can now open Spybot (which is functioning abnormally).

The 2 Trojan McAfee detections:

C:\Documents and Settings\Louis\Temporary Internet Files\Content.IE5\B6F5ZZ6W\valera[1]

C:\Documents and Settings\Louis\Local Settings\Temp\aguspaju.exe

The HJT scan log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\JoyTech\JoytechNeoSTrayIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\MSC\McLgView.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Security\bacon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {1A4CD7C1-E016-4ABD-AE93-0664921557A1} - C:\WINDOWS\system32\ddabc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\flmlrjob.dll
O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\yaywtqr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [JOYTECH USB Neo S Controller] C:\Program Files\JoyTech\JoytechNeoSTrayIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\rpjqyixy.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll
O20 - Winlogon Notify: yaywtqr - C:\WINDOWS\SYSTEM32\yaywtqr.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

Download VundoFix from here: http://vundofix.atribune.org

Do a scan with it and remove any Vundo infections it finds. Then grab the C:\VundoFix.txt file and post it here.

- JPH

## part 1 ##

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 04:28:56 07/10/2007

Listing files found while scanning....

C:\windows\system32\cbadd.bak1
C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\cbadd.tmp
C:\windows\system32\ceqylnuv.dll
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\flmlrjob.dll
C:\windows\system32\knarwknb.dll
C:\WINDOWS\system32\mduqlynv.dll
C:\WINDOWS\system32\rpjqyixy.dll
C:\windows\system32\xnamrhux.ini
C:\windows\system32\xuhrmanx.dll
C:\WINDOWS\system32\yaywtqr.dll

Beginning removal...

 Attempting to delete C:\windows\system32\cbadd.bak1
C:\windows\system32\cbadd.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cbadd.bak2
C:\WINDOWS\system32\cbadd.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\cbadd.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cbadd.tmp
C:\WINDOWS\system32\cbadd.tmp Has been deleted!

 Attempting to delete C:\windows\system32\ceqylnuv.dll
C:\windows\system32\ceqylnuv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted

 Attempting to delete C:\WINDOWS\system32\flmlrjob.dll
C:\WINDOWS\system32\flmlrjob.dll Could not be deleted.

 Attempting to delete C:\windows\system32\knarwknb.dll
C:\windows\system32\knarwknb.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mduqlynv.dll
C:\WINDOWS\system32\mduqlynv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\rpjqyixy.dll
C:\WINDOWS\system32\rpjqyixy.dll Could not be deleted.

 Attempting to delete C:\windows\system32\xnamrhux.ini
C:\windows\system32\xnamrhux.ini Has been deleted!

 Attempting to delete C:\windows\system32\xuhrmanx.dll
C:\windows\system32\xuhrmanx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yaywtqr.dll
C:\WINDOWS\system32\yaywtqr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\cbadd.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\flmlrjob.dll
C:\WINDOWS\system32\flmlrjob.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\rpjqyixy.dll
C:\WINDOWS\system32\rpjqyixy.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\yaywtqr.dll
C:\WINDOWS\system32\yaywtqr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

## part 2 ##

Listing files found while scanning....

C:\windows\system32\cbadd.ini
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\yaywtqr.dll

Beginning removal...

 Attempting to delete C:\windows\system32\cbadd.ini
C:\windows\system32\cbadd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\yaywtqr.dll
C:\WINDOWS\system32\yaywtqr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\windows\system32\cbadd.ini
C:\windows\system32\cbadd.ini Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\yaywtqr.dll
C:\WINDOWS\system32\yaywtqr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 04:47:57 07/10/2007

Listing files found while scanning....

C:\windows\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\cbadd.tmp
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\yaywtqr.dll

Beginning removal...

 Attempting to delete C:\windows\system32\cbadd.ini
C:\windows\system32\cbadd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\cbadd.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cbadd.tmp
C:\WINDOWS\system32\cbadd.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\yaywtqr.dll
C:\WINDOWS\system32\yaywtqr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\windows\system32\cbadd.ini
C:\windows\system32\cbadd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\cbadd.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\yaywtqr.dll
C:\WINDOWS\system32\yaywtqr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 04:54:23 07/10/2007

Listing files found while scanning....

C:\windows\system32\cbadd.ini
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\yaywtqr.dll

Beginning removal...

 Attempting to delete C:\windows\system32\cbadd.ini
C:\windows\system32\cbadd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\yaywtqr.dll
C:\WINDOWS\system32\yaywtqr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\windows\system32\cbadd.ini
C:\windows\system32\cbadd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\yaywtqr.dll
C:\WINDOWS\system32\yaywtqr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Great, progress....

Try and see if you can boot into safe mode now and delete the last two files...

C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\yaywtqr.dll


Before you do, though, run HJT again and make sure the following entries are gone; if not, select them and "Fix Checked".

O2 - BHO: (no name) - {1A4CD7C1-E016-4ABD-AE93-0664921557A1} - C:\WINDOWS\system32\ddabc.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\flmlrjob.dll
O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\yaywtqr.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\rpjqyixy.dll",sitypnow
O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll
O20 - Winlogon Notify: yaywtqr - C:\WINDOWS\SYSTEM32\yaywtqr.dll


- JPH
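The verification JPH asks for (find what VundoFix still cannot delete, then confirm in a fresh HijackThis log that the listed entries are gone) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, and the two sample logs are shortened, constructed excerpts built from lines posted above.

```python
import re
from collections import Counter

# Constructed sample: a shortened two-pass excerpt in the shape of the VundoFix log above.
VUNDOFIX_LOG = r"""
 Attempting to delete C:\windows\system32\cbadd.ini
C:\windows\system32\cbadd.ini Has been deleted!
 Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted
 Attempting to delete C:\WINDOWS\system32\flmlrjob.dll
C:\WINDOWS\system32\flmlrjob.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
 Attempting to delete C:\windows\system32\cbadd.ini
C:\windows\system32\cbadd.ini Has been deleted!
 Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.
 Attempting to delete C:\WINDOWS\system32\flmlrjob.dll
C:\WINDOWS\system32\flmlrjob.dll Has been deleted!
 Attempting to delete C:\WINDOWS\system32\yaywtqr.dll
C:\WINDOWS\system32\yaywtqr.dll Could not be deleted.
"""

# Constructed sample: a follow-up HijackThis log in which only some entries were fixed.
HJT_RESCAN = r"""
O2 - BHO: (no name) - {1A4CD7C1-E016-4ABD-AE93-0664921557A1} - C:\WINDOWS\system32\ddabc.dll
O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll
O20 - Winlogon Notify: yaywtqr - C:\WINDOWS\SYSTEM32\yaywtqr.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# The entries the post above asks to be gone, copied from it.
TO_FIX = r"""
O2 - BHO: (no name) - {1A4CD7C1-E016-4ABD-AE93-0664921557A1} - C:\WINDOWS\system32\ddabc.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\flmlrjob.dll
O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\yaywtqr.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\rpjqyixy.dll",sitypnow
O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll
O20 - Winlogon Notify: yaywtqr - C:\WINDOWS\SYSTEM32\yaywtqr.dll
""".strip().splitlines()

# Result lines look like "<path> Has been deleted!" or "<path> Could not be deleted."
# (the trailing period is sometimes missing in the posted log).
STATUS_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<verdict>Has been deleted!|Could not be deleted\.?)$")
# HijackThis entry lines start with a section code such as R0, O2, O20, O23.
ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d+) - .+$")


def verdicts(vundofix_log):
    """Yield (lower-cased path, was_deleted) for each result line, in log order."""
    for line in vundofix_log.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            yield m.group("path").lower(), m.group("verdict").startswith("Has been")


def locked_files(vundofix_log):
    """Files whose LAST verdict is 'Could not be deleted'; earlier passes may differ."""
    last = dict(verdicts(vundofix_log))  # later result lines overwrite earlier ones
    return sorted(path for path, deleted in last.items() if not deleted)


def recreated_files(vundofix_log):
    """Files reported deleted more than once, i.e. they reappeared between passes."""
    counts = Counter(path for path, deleted in verdicts(vundofix_log) if deleted)
    return sorted(path for path, n in counts.items() if n > 1)


def hjt_entries(hjt_log):
    """Return (section, line) for every entry line of a HijackThis log."""
    found = []
    for line in hjt_log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.append((m.group("section"), line.strip()))
    return found


def canon(entry):
    """Collapse whitespace and case so system32 and SYSTEM32 compare equal."""
    return " ".join(entry.split()).lower()


def still_present(hjt_log, wanted):
    """Entries from the to-fix list that the new HijackThis log still contains."""
    seen = {canon(line) for _, line in hjt_entries(hjt_log)}
    return [w for w in wanted if canon(w) in seen]


def entries_loading(hjt_log, paths):
    """HijackThis entries that reference any of the given file paths."""
    return [(section, line) for section, line in hjt_entries(hjt_log)
            if any(p.lower() in line.lower() for p in paths)]


if __name__ == "__main__":
    locked = locked_files(VUNDOFIX_LOG)
    print("Still locked after the last pass:", locked)
    print("Deleted more than once:", recreated_files(VUNDOFIX_LOG))
    print("To-fix entries still in the rescan:", still_present(HJT_RESCAN, TO_FIX))
    print("Entries referencing locked files:", entries_loading(HJT_RESCAN, locked))
```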

1069.

Solve : System Restore and Trojan Horse Infection?

Answer»

Hi, all: I have just survived a terrible trojan-ace-x infection. It took 4 different spyware programs and 3 days of work to get rid of it, but it appears to be gone now. I was only using SpySweeper; it would find it, remove it, then it would reinstall itself and I was back to where I started.

This is my question: as a part of the work of getting rid of it, I turned off System Restore when running in safe mode and ran SpySweeper and AdAware. (Infection reinstalled itself after that.) I then ran the multiple spyware programs in standard mode and successfully removed the trojan horse.

Now that the infection appears to be gone, is it safe to turn System Restore back on? Should I go back into safe mode and re-run all the spyware programs BEFORE turning System Restore back on? Thanks! Aegnon

You may go back to Safe Mode and run all the safety programs you have, just to make sure you are clean.
Then restart in normal mode, turn System Restore on, and create a restore point.
You may also post your HJT log here, and someone will take a look.

Broni, Thanks! I'll do that.

Let us know how it went.

1070.

Solve : My retarded comp keeps spontaneously freezing. Please help!?

Answer»

Ok, So...

I turn on my computer, and it froze about 3 seconds after it turned on.
I rebooted it.
Froze again when the Disk Checking thing was running,
Rebooted again
Froze YET AGAIN when typing in my password.
Rebooted
Froze AGAIN when the little tune that windows 2000 has when your desktop shows up.
Rebooted.
Froze
rebooted
froze
rebooted
froze
rebooted
wow I got 20 MINUTES before it froze again. That's a new record.
rebooted
Froze
rebooted,
Froze

I don't know if it's a virus, Trojan, worm or something else.
I have an anti virus in my computer and it doesn't detect one.


AUGHH IT'S SOO ANNOYING PLEASE HELP ME!!!!

What anti-virus software are you using?

Avast! Anti-Virus Pro 4.7

I did the Hijack This thing and this is what I got...




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:36 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Belkin\F5D7001v2000\ChkDev.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redir.speedbit.com/redir.asp?ID=7028
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - C:\WINDOWS\system32\oksrqqu.dll (file missing)
O22 - SharedTaskScheduler: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - C:\WINDOWS\system32\oksrqqu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7247 bytes




Hopefully this will help you help me.

Sorry for the delay...

Ok, following the advice I followed to fix my PC, try this:

Start your PC in safe mode (press F8 while windows is starting up)

Delete your old Hijack this log file, run HijackThis again, perform a scan (with log) & then check the following entries:

O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - C:\WINDOWS\system32\oksrqqu.dll (file missing)
O22 - SharedTaskScheduler: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - C:\WINDOWS\system32\oksrqqu.dll (file missing)

Select 'fix checked' then rescan & post the new log here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:57 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Belkin\F5D7001v2000\ChkDev.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WinSys.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redir.speedbit.com/redir.asp?ID=7028
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - AppInit_DLLs: x;sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6607 bytes

It froze once while trying to attempt this in safe mode...

zomgpleasehelp,

The fact that you are running two antivirus programs alone is enough to make your system unstable. You should choose one or the other and remove the other one.

Also, did you intentionally install WinSpy surveillance software? If not it should be removed immediately.

Fix these:

O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe  <---WinSpy
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab

Might as well fix these too while you're at it:

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)


Reboot, then delete the following file:

C:\WINDOWS\system32\WinSys.exe

Delete the following directory:

C:\Program Files\Video ActiveX Object

Then go to C:\Program Files\Trend Micro\HijackThis and rename HiJackThis.exe to something else (e.g. zomg.exe) and then post a new logfile.

- JPH

So far so good,

Repeat the steps again & fix these as well:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redir.speedbit.com/redir.asp?ID=7028

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab


Then post the new log here...

Ahhh... the main man! JPH!

I'll just sit this one out from now on & watch the master at work

Alright, I did what both of you said. Starting with what JPH told me to do.
Then I deleted the stuff Neljan told me to delete.
Oh, and I tried to delete

C:\WINDOWS\system32\WinSys.exe

and


C:\Program Files\Video ActiveX Object

like JPH told me to, but the WinSys.exe thing was "Protected" or something and couldn't delete it.

the Video ActiveX Object directory was not found so I couldn't delete it.

hope you guys can still help,
and if my replies take a while, it's because I have to deal with this freezing problem like, every 2-10 minutes and I have to reboot while doing this.

Anyways...

 this is what I got...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:51 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe
C:\Program Files\Belkin\F5D7001v2000\ChkDev.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SYSTEM32\winsys.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs:  sockspy.dll sockspy.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5544 bytes

There are a few things that I suggested that you didn't do...help me help you.

You're still running 2 antivirus programs (uninstall one of them)
You didn't rename HijackThis.exe (some malware hides from the HijackThis.exe process)
You didn't reboot (if you would have you could have deleted Winsys.exe because it wouldn't still be running in memory)

Please do these things and post a new HJT log file.

- JPH

BTW neljan, don't sit this one out...you were doing just fine before I got here.
Thanks JPH

Zomgpleasehelp I'm still here as well mate, don't worry we'll get this fixed...

I would have also recommended removing one of your virus software, if I didn't think that 'Avast! Anti-Virus Pro 4.7' was one program! doh! Do you have access to another computer? If so, you should download software to test your RAM and your HDD.

Alright, let's see...

I uninstalled SpyBot and kept Avast!. (Since it's better and I actually paid for it)

I managed to delete the WinSys.exe this time... Last time I did reboot but didn't want to delete...

I forgot to rename 'Hijack This' last time
So I did it right now and renamed it to 'o.o'

And Fed,
Do you mean access to another computer directly from mine?
If so I don't think I can.

I do have 2 more computers in my house though...

Anyways, this is what I got this time...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:04 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Belkin\F5D7001v2000\ChkDev.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\o.o.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs:  sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5571 bytes
zomgpleasehelp,

I should have explained this better so I apologize. The two antivirus programs that I see are Avast and Bitdefender8. Spybot is technically not an antivirus; it's an antispyware application. Since it doesn't have real-time scanning you could run it alongside AV programs and it won't interfere.

- JPH

1071.

Solve : ive tried every program but cant get rid of pop up?

Answer»

trend micro house call, avg, ms anti spy, etrust, spybot, xoftspy and more. any suggestion?
attach screen shot with running process list. thanks

Why don't you start using Firefox instead?

Anyway, I've recently had spyware / pop-up problems and I downloaded and ran (at the same time, eventually, as I got frustrated when it wasn't working when I ran each one individually):

Ewido
Lavasoft Ad-Aware
Spybot Search & Destroy
CCleaner
A-Squared
AVG Anti-Virus (Free Edition)
Windows Defender

It will take longer running them at the same time, but it worked for me. After everything has finished, delete anything in quarantine. You could, after, post up a HijackThis logfile for the experts here to look at.

Please Note: Before, make sure your hidden files are showing and that your system restore is turned off (Right Click My Computer >> Properties >> System Restore >> Check Off)

After you've run all these, restart your computer in Safe Mode and re-run AVG Anti-Virus.

To make it easier, Before you go to bed, run all these, then turn your screen off - that way, they all get to run, but it doesn't disturb you. (I only did this because my computer is in my room).

Hope it helps!

Olly

Format and reinstall. The ultimate solution!

Using Firefox is not a solution!!!
Carry out the procedures listed here and post a Hijackthis logfile here when done.

Quote

Using Firefox is not a solution!!!
Carry out the procedures listed here and post a Hijackthis logfile here when done.


Oh, well after I started using Firefox, I didn't have anymore pop-up trouble, so it seemed to be Firefox that prevented the pop-ups.

Firefox didn't stop the popups; it just doesn't respond to them. The infections are still present.

well firefox would have blocked the adware in the first place its so much better

Soviet Genius
Quote
well firefox would have blocked the adware in the first place its so much better
You have missed the point.
Quote
Posted by: Backdated
Firefox didn't stop the popups; it just doesn't respond to them. The infections are still present
All that has been achieved is not seeing the pop-ups... the problem still remains. It's like a leak in your roof... as long as you keep emptying the bucket catching the water... the floor stays dry... But the roof still has a hole in it...

dl65

A nice analogy!
That hole is probably allowing in all other sorts of nasties besides a bit of rain!
If users are so selfish and lazy that they can't be bothered with security, then they should not be allowed access to any public networks.
When they're caught trafficking kiddie porn or warez or running spambots etc, I really do hope that any court will not accept IGNORANCE as a defence and that they impose maximum sentences.
1072.

Solve : Yahoo! problems?

Answer»

Hello,

I am experiencing a problem where any time I access any Yahoo! webpage, my browser stops responding. This only happens with Firefox (not with IE), but I have found Firefox to be much more secure. Could this be some kind of spyware or virus? I can't find any problems with my spyware programs. Anyone heard of this before??

Try a Google for this problem. Somewhere in the dark but recent recesses of my mind this rings a bell. I think a fix was issued but I can't remember if it was siteside or browserside.

What version of Firefox are you using? What extensions are installed?

Flame

Version 1.5.0.1

Extensions: Talkback & Mediawrap (no idea what these are)

If you don't know what they are, I say delete them. You can always get them back later. Sometimes extensions can cause instability.

Flame

Is JavaVM etc correctly installed for Firefox? Do affected sites use ActiveX controls?

1073.

Solve : trojan attack?

Answer»

i keep getting attacked with a trojan (i think) called HTTP MS IIS NTLM AN1 BO - which norton says is very dangerous
it is blocked by Norton so I'm ok. But the attack keeps recurring whenever the blocking has stopped. Because Norton don't provide a visual tracking system any more I don't know how to block the person sending the virus. It's almost the same IP address every time.
Can i block the sender completely?
All help much appreciated thanks - oh and don't get too tecchy with your answers!

It is not a trojan and whoever is sending this is technically not sending you a virus. What they're doing is trying to exploit a system vulnerability that according to this page apparently is present in several operating systems.
No need to worry though since your firewall is blocking the attacks. If you know the IPs of the computers sending the attack your firewall should provide you with some way of blocking the IPs permanently. If you're unclear on how to do this, you can give us the name of your firewall and someone might be able to guide you through it.

thats fine but whoever the intruder is the attack seems to be coming from a different IP address every time - except for the first two digits. I can't possibly keep track of all these IP addresses. I know I'm safe because of norton but its becoming very annoying when my little norton symbol flashes at the bottom of my screen and I have to clear it. This is now happening roughly every fifteen minutes!

Just disable those Norton alerts. You don't really need them. They only mean that Norton is working, and that's all you need to worry about.

Contact your ISP and explain what is happening...request a new IP address.
They should have no problem accommodating your request...

I don't think a new IP address will change anything.
Every computer experiences those outside attacks every day. It's today's reality. That's why we have firewalls.

So he shouldn't take the advice then ? ?

I get no sniffers or probes and haven't for a long time...

1074.

Solve : Are virus and spyware consider as malwares??

Answer»

Are virus and spyware considered as malwares?

yes.
http://en.wikipedia.org/wiki/Malware

1075.

Solve : Slow after removing Trojans?

Answer»

My computer was recently attacked by Trojans. I seem to have removed them all, but my computer is working slower. Browsers are VERY slow to load--most frustrating. Can you tell me what causes this and how to fix it? I noticed there was a post in this forum back in November, but there was no posted response.

I have cleared all temp files, run disk cleanup and disk defrag.

Carry out the procedures listed here and post a Hijackthis logfile here when done.

My computer is not allowing me to download the Active X controls needed to run Panda ActiveScan and Trend Housecall seems to be stuck at "opening Trend Micro HouseCall". Are there some internal selections I can change to get my system to accept the Active X controls? I'm using DSL through SBCYahoo.

Here is the error message I got with the Panda download:  

An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again
Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...

I believe Trend has a Java option. Try that and if it doesn't work, skip the virus checks but carry out the rest of the tests.

try going into safe mode and running the antispyware and antivirus programs from there

1076.

Solve : Help with TrojanDownloader removal, please...?

Answer»

Well...I never thought I'd be posting here...but need to anyway...not that it's scaring me...I just want to make sure it's removed...permanently.

I use Windows Live OneCare...and ran a scan...it found the following three infections:

  • TrojanDownloader:Win32/Agent.ACZ
  • TrojanDownloader:Win32/Cutwail.H
  • TrojanDownloader:Win32/Cutwail.L

Now...although they could not be deleted or quarantined by my malware protection...they are, in fact, blocked...so that's a plus.

Any help is greatly appreciated...

Here's a copy of my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:18:34 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\system32\SK9910DM.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\JAVA\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

Here's the rest:

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Saviour PC Toolbar - {a77eba67-f49c-4810-80b8-c509bd66de1a} - C:\Program Files\Saviour_PC\tbSav0.dll
O3 - Toolbar: Saviour PC Toolbar - {a77eba67-f49c-4810-80b8-c509bd66de1a} - C:\Program Files\Saviour_PC\tbSav0.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DPAgnt] "C:\Program Files\DigitalPersona\Bin\DPAgnt.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WorksFUD] "C:\Program Files\Microsoft Works\wkfud.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYZUS
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DPWLN   - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS

Oddly enough, there is nothing dangerous in your HJT log.
There are some minor issues, and I'll tell you in a second what to do.
It looks to me, that your threats are most likely false-positive.
In any case, since I'm pretty new to this board, please, wait for CBMatt for final approval (that was my agreement with him).

Now...
1. Print out this post, since it's gonna be invisible to you later.
2. Close all windows (except for HJT), and put checkmarks next to following items:
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYZUS
(My Web Search also known as the My Way Speedbar is the Internet Explorer toolbar part of the Fun Web Products suite of utilities such as Smiley Central, Cursor Mania, My Mail Stationary, My Mail Signature, PopSwatter, Popular Screensavers, and the My Way website portal. The toolbar allows easy access to search engine results and a 404 Error Redirector called My Total Search among other things to your browser. This is not to be confused with the IBIS Web Search toolbar.
Although none of these products claim to be spyware, they do slow your computer down. All of the products use cookies to track usage, although they claim not to use cookies or anything else to track personally identifiable information. That being said, I would still recommend uninstalling the toolbar and other Fun Web Products if you feel your computer runs better without them. They are found by most spyware removal tools such as Spybot Search and Destroy, Lavasoft Ad-Aware)

- O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
- O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
- O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

3. Click on "Fix it".

4. Restart in Safe Mode. Run Spybot, and fix whatever needs to be fixed.

5. Turn off System Restore.

6. Restart in normal mode.

7. Turn your System Restore back on.

8. Post new HJT log.

Good luck.
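
The selection made in the reply above (ticking entries that end in `(no file)` or `(file missing)`) and the repeated `AppInit_DLLs` value in the earlier log on this page can be checked mechanically. The following is an added example, not part of the original thread and not HijackThis's own code; the function names and the four review categories are assumptions of this example, and the sample lines are copied from the HijackThis logs on this page.

```python
import re
from collections import Counter
from dataclasses import dataclass

# A HijackThis entry is "<section code> - <body>", e.g. "O23 - Service: ...".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# The registry entry still exists but the file it points to does not.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)$", re.IGNORECASE)

# Sample input: lines copied from the logs on this page.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\o.o.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs:  sockspy.dll sockspy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
"""


@dataclass(frozen=True)
class Entry:
    code: str  # section code such as "O2" or "O23"
    body: str  # everything after "<code> - "


def parse_hjt(text):
    """Return the R/F/N/O entries of a log, skipping header and process list."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match["code"], match["body"].strip()))
    return entries


def appinit_dlls(entry):
    """Return {dll_name: times_listed} for an O20 AppInit_DLLs entry.

    The registry value is a space- or comma-separated list of DLL names.
    """
    value = entry.body.split(":", 1)[1]
    return Counter(n.lower() for n in re.split(r"[\s,]+", value) if n)


def triage(entries):
    """Return (reason, entry) pairs for entries a reviewer should look at.

    Each entry gets at most one reason; "orphaned" takes priority.
    """
    findings = []
    for e in entries:
        if ORPHAN_RE.search(e.body):
            findings.append(("orphaned", e))
        elif e.code == "O10" and e.body.startswith("Unknown file in Winsock LSP"):
            findings.append(("lsp", e))
        elif (e.code == "O20" and e.body.startswith("AppInit_DLLs:")
              and appinit_dlls(e)):
            # These DLLs are loaded into every process that loads user32.dll.
            findings.append(("appinit", e))
        elif e.code == "O23" and " - Unknown owner - " in e.body:
            findings.append(("unknown-owner", e))
    return findings


def report(text):
    """Format the findings as one line per entry, for posting or diffing."""
    lines = []
    for reason, e in triage(parse_hjt(text)):
        note = ""
        if reason == "appinit":
            note = "  [" + ", ".join(
                f"{name} x{count}" for name, count in appinit_dlls(e).items()
            ) + "]"
        lines.append(f"{reason:14} {e.code:4} {e.body}{note}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

A flag here only means "review this entry"; whether an entry is safe to fix is still the helper's judgement, as in the thread.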
1077.

Solve : Ad-Aware problems.?

Answer»

I'm running XP on an HP.

My ever trusty Ad-Aware seems to have a bug. All of a sudden it just does not work properly. It stops about a minute into the scan, comes up with an error message too fast to read and then leaves the screen.

Here are the actions I took so far ; Uninstalled Ad-Aware, ran both Defender and AVG successfully re-booted my PC and re-installed Ad-Aware, to no avail.
I also did a disk check, which ran clean.

My PC has been running virus free, according to the above 3, for a few weeks now.

Any help would be appreciated.

Peace,
MP.

Did you update Defender or any other software just prior to the error occurring?
Does the Event Viewer console offer any clues?
Is Ad-Aware set to dump a debug file on error?

Yes I updated both prior to reinstall.

I will check both the Event Viewer and the setting for debugging a file when I get home. To be honest never used the event viewer option on Ad-Aware or changed the debug setting so that should still be at default setting.

Thanks for the help.

Peace,
MP.

The Event Viewer is an XP console and it can be opened by entering eventvwr.msc in the Start>Run box.

(Slaps head) I will check when I get home. Just did it on my laptop at work and know what you're talking about now.

Quote

Did you update Defender or any other software just prior to the error occurring?
Does the Event Viewer console offer any clues?
Is Ad-Aware set to dump a debug file on error?

I got it !

Here's what I did; Looked for updates for both defender and AVG. Only AVG had an update. I ran them both, re-booted the PC and downloaded Spy-Bot, which I haven't used in a long time. I ran spy-bot and it found infections the other two missed or are not capable of finding. Again I re-booted the PC and then I reinstalled Ad-Aware and it installed without a hitch. AND one of the files Spy-Bot did uncover was that *censored* winfixer and it said it was cleaned successfully.

I did set Ad-Aware as suggested above and I did take a look at Event Viewer. A brief lesson on what I'm looking at would be nice. lol

Now I'm running 4 anti/virus apps everyday - Ad-aware, Defender, AVG and Spy-Bot. NOW "SHOULD" these four be enough to keep my system clean.

Once again thanks to this place for the invaluable help.

Peace,
MP.


I would plump for an anti trojan scanner as well such as Ewido (XP only) or A² (WinAll). These are both free but both free versions lack real time protection. There are a few other worthwhile security measures but we'll go through these and your Event Viewer listings tomorrow.

I do have Ewido on my PC. I thought it was on free for 14 days or something like that. I'll take a look when I get home and Google some more freebies to choose from.

Thanks,
MP.

Ewido is free but realtime protection and automatic updates will cease after the trial period is up.
Emsisoft simply dispense with realtime protection and auto updates altogether with its free version of A².
In both instances, the commercial versions contain all features.

The lightbulb goes on! I remember Ewido now. I removed it from my PC for two reasons;
1. Anything I don't use anymore gets the can. Trying to keep my PC clean.
2. For whatever reason this keeps showing Ad-Aware as an infected object?

I downloaded it again and am running it as I type.

Thanks again for this lesson.

Peace,
MP.
1078.

Solve : Pure Hole Hole?

Answer»

Volume in drive C is ACER
 Volume Serial Number is 3056-A0AA

 Directory of C:\Users\K!R\Application Data

 Volume in drive C is ACER
 Volume Serial Number is 3056-A0AA

 Directory of C:\Users\Kir\Application Data

 Volume in drive C is ACER
 Volume Serial Number is 3056-A0AA

 Directory of C:\Users\All Users\Application Data

 Volume in drive C is ACER
 Volume Serial Number is 3056-A0AA

 Directory of C:\Users\Default\Application Data

 Volume in drive C is ACER
 Volume Serial Number is 3056-A0AA

 Directory of C:\Users\Default User\Application Data

Okay, your infection doesn't seem to be as serious as I had thought it was going to be. That's usually a good sign. Heh. I've attached a zip file...in it is a reg file. Run that file and when prompted, click Yes. This will delete the infection's key in the registry.

Then...download CCleaner (install without Yahoo! toolbar) and configure it according to this guide.

And if it still exists, try using Pocket KillBox to delete C:\ProgramData\Pure Hole Hole.wybxn8j. I would then like to see a new HijackThis log.

i cant seem to find the attachment that u said u attached....and sorry to bother u so much

Sorry, Zakir, the upload folder is full, so I can't attach the file right now. Instead, I'll tell you how to make it yourself. Copy everything in the quote box below...

Quote

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"FunkItch"=-

Then open up Notepad and paste the contents.  Go to File > Save As...  Next to Save as Type select All Files and name the file badkey.reg and save it to your desktop.  You can then run the file like I previously instructed.

And don't worry, you're not a bother at all.  This is what I'm here for!

I did what u asked and used the Pocket KillBox and there's still 2 pure hole hole files in my programdata directory, one is a 0v203 file and the other a wybxn8j file.....and I did reboot after I did all that

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:55 PM, on 4/10/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
D:\Program Files\Vidalia Bundle\Tor\tor.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ycomp/defaults/sp/*http://sg.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.sg.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.sg.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ycomp/defaults/su/*http://sg.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - D:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NOD32 Control Center] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eset\NOD32 Control Center.lnk
O4 - HKCU\..\Run: [Launch Manager] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager\Launch Manager.LNK
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Vidalia] "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [FunkItch] "C:\ProgramData\Pure Hole Hole.wybxn8j"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Privoxy.lnk = D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Download ALL with IDA - D:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O8 - Extra context menu item: Download with IDA - D:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - D:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - D:\Program Files\IDA\ida.exe
O9 - Extra button: btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://npsdmail3.np.edu.sg/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4E9FB3-923F-4BED-B23D-5037D93AF3E4}: NameServer = 218.186.1.38,202.156.1.68
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 9818 bytes
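
An added example, not part of any post in this thread and not HijackThis code: a small triage script for the O4 autorun lines of a HijackThis log like the one above. The sample lines are copied from that log; the two heuristics (an unrecognised file extension, a target sitting directly in the ProgramData root) are assumptions chosen for illustration, and the `HKCU\..\Run` shorthand is expanded to the full `Software\Microsoft\Windows\CurrentVersion` key path.

```python
import re
from pathlib import PureWindowsPath

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [NOD32 Control Center] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eset\NOD32 Control Center.lnk
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [FunkItch] "C:\ProgramData\Pure Hole Hole.wybxn8j"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Assumption: extensions treated as ordinary autorun targets.
KNOWN_EXT = {".exe", ".dll", ".lnk", ".bat", ".cmd", ".com", ".scr"}
# Unquoted commands: the path ends at the first known extension that is
# followed by whitespace or the end of the line.
PATH_RE = re.compile(r"^(.*?\.(?:exe|dll|lnk|bat|cmd|com|scr))(?=\s|$)", re.I)
HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKUS": "HKEY_USERS",
}


def target_path(cmd):
    """Return the file an autorun command points at, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = PATH_RE.match(cmd)
    # No known extension anywhere: treat the whole string as the path.
    return match.group(1) if match else cmd


def full_key(hive, key):
    """Expand HijackThis shorthand such as HKCU\\..\\Run to the full key."""
    root, _, rest = hive.partition("\\")
    parts = [HIVES.get(root, root)]
    if rest:  # e.g. the SID in HKUS\S-1-5-19
        parts.append(rest)
    parts += [r"Software\Microsoft\Windows\CurrentVersion", key]
    return "\\".join(parts)


def triage(log_text):
    """Return the O4 registry autoruns that trip at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue  # non-O4 lines and "Global Startup" shortcuts
        path = PureWindowsPath(target_path(match["cmd"]))
        reasons = []
        if path.suffix.lower() not in KNOWN_EXT:
            reasons.append("unrecognised extension %r" % path.suffix)
        if path.parent.name.lower() == "programdata":
            reasons.append("file sits directly in the ProgramData root")
        if reasons:
            findings.append({
                "key": full_key(match["hive"], match["key"]),
                "value": match["name"],
                "path": str(path),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print("[%s]\n  value: %s\n  path:  %s" % (item["key"], item["value"], item["path"]))
        for reason in item["reasons"]:
            print("  - " + reason)
```

A flagged entry is a prompt to look at the file and the registry value by hand, not a verdict; legitimate software can trip either heuristic.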
This file is deciding to be a bit stubborn, I see.  I hate to give you more "homework", but download SUPERAntiSpyware, update it, and scan with it in Safe Mode.  Then go ahead and post the log here.  To retrieve the removal information after reboot, launch SUPERAntiSpyware again.  Click Preferences, then click the Statistics/Logs tab. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

Then...download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.

after about an hour of scanning, finally finished....don't worry about giving me homework, ur helping me

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/05/2007 at 00:37 AM

Application Version : 3.9.1008

Core Rules Database Version : 3318
Trace Rules Database Version: 1319

Scan type       : Complete Scan
Total Scan Time : 00:39:12

Memory items scanned      : 258
Memory threats detected   : 0
Registry items scanned    : 10005
Registry threats detected : 0
File items scanned        : 70068
File threats detected     : 6

Adware.Lop-Variant
   C:\PROGRAMDATA\GRIM PROGRAM ACTIVE\FORD KEEP BARB.EXE
   C:\PROGRAMDATA\GRIM PROGRAM ACTIVE\LBPZYDCB.EXE
   C:\PROGRAMDATA\LONG SLOW ROAD ITCH\SOFT NAME.EXE
   C:\USERS\ALL USERS\GRIM PROGRAM ACTIVE\FORD KEEP BARB.EXE
   C:\USERS\ALL USERS\GRIM PROGRAM ACTIVE\LBPZYDCB.EXE
   C:\USERS\ALL USERS\LONG SLOW ROAD ITCH\SOFT NAME.EXE



ComboFix 07-10-04.6 - K!R 2007-10-05  0:45:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.169 [GMT 8:00]
Running from: C:\Users\K!R\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\K!R\AppData\Roaming\inst.exe
C:\Windows\system32\x64

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
..
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-03-30 11:04]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-03-30 11:04]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-03-30 11:04]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-06 14:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-09-19 03:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"?r"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 20:35]
"NOD32 Control Center"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eset\NOD32 Control Center.lnk" [2007-09-19 03:10]
"Launch Manager"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager\Launch Manager.LNK" [2007-04-16 20:07]
"PeerGuardian"="D:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"Vidalia"="D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 14:02]
"FunkItch"="C:\ProgramData\Pure Hole Hole.wybxn8j" [2007-10-04 19:49]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-25 23:37:48]
Privoxy.lnk - D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 22:30:54]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-25 23:37:48]
Privoxy.lnk - D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 22:30:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\Windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^K!R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\K!R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\]
??e

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
R2 int15;int15;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe -p
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe -k netsvcs
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\Windows\system32\DRIVERS\DKbFltr.sys
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\Windows\system32\Drivers\LUsbFilt.Sys
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys
R3 pgfilter;pgfilter;\??\D:\Program Files\PeerGuardian2\pgfilter.sys
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\Windows\System32\DRIVERS\ASPI32.sys
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService
S3 WimFltr;WimFltr;C:\Windows\system32\DRIVERS\wimfltr.sys
S3 WSVD;WSVD;\??\C:\Windows\system32\drivers\WSVD.sys
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted   hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs   BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 11:55:47 C:\Windows\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-10-04 06:57:07 C:\Windows\Tasks\User_Feed_Synchronization-{371CCB78-4DF7-4D0F-9081-6B14D59BC5D5}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 00:48:21
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-05  0:49:30
C:\ComboFix-quarantined-files.txt ... 2007-10-05 00:49
.
   --- E O F ---
this is the Hijack This log file after the scans


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:26 AM, on 5/10/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\ehome\ehmsas.exe
D:\Program Files\Eset\nod32kui.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
D:\Program Files\Vidalia Bundle\Tor\tor.exe
D:\Program Files\PeerGuardian2\pg2.exe
C:\Windows\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.sg.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.sg.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ycomp/defaults/su/*http://sg.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - D:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NOD32 Control Center] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eset\NOD32 Control Center.lnk
O4 - HKCU\..\Run: [Launch Manager] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager\Launch Manager.LNK
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Vidalia] "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [FunkItch] "C:\ProgramData\Pure Hole Hole.wybxn8j"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Privoxy.lnk = D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Download ALL with IDA - D:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O8 - Extra context menu item: Download with IDA - D:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - D:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - D:\Program Files\IDA\ida.exe
O9 - Extra button: btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://npsdmail3.np.edu.sg/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4E9FB3-923F-4BED-B23D-5037D93AF3E4}: NameServer = 218.186.1.38,202.156.1.68
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 9708 bytes
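
The HijackThis log above, as an added example that is not part of the original thread: a Python triage pass over HijackThis-format lines that surfaces three kinds of entry worth a manual look. The sample lines are copied from the log above; the three heuristics and all function names are assumptions of this example, not HijackThis features.

```python
import re

# Lines copied verbatim from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [FunkItch] "C:\ProgramData\Pure Hole Hole.wybxn8j"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# Every log entry is "<section code> - <description>".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O4 registry autostarts: "HKxx\..\Run: [value name] command line"
RUN_ENTRY = re.compile(r"^HK.*?\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Extensions a Run value normally points at (assumption of this example).
LAUNCHABLE = re.compile(r"\.(exe|lnk|bat|cmd|com|scr)$", re.I)
# Browser proxy settings that point back at the local machine.
LOOPBACK_PROXY = re.compile(
    r",(ProxyServer|AutoConfigURL) = (\w+://)?(127\.0\.0\.1|localhost)\b", re.I)


def run_target(cmd):
    """Return the program path of a Run command line, without its arguments."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first launchable extension.
    m = re.match(r"(.*?\.(?:exe|lnk|bat|cmd|com|scr))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return (section, reason, entry) tuples for entries to review by hand."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, the process list, blank lines
        code, body = m.groups()
        # 1. The registry still references a file that is gone from disk.
        if body.endswith(("(no file)", "(file missing)")):
            findings.append((code, "orphaned", body))
        # 2. Browser traffic is routed through a proxy on this machine.
        if code.startswith("R") and LOOPBACK_PROXY.search(body):
            findings.append((code, "loopback-proxy", body))
        # 3. An autostart value launches something that is not a normal program file.
        if code == "O4":
            run = RUN_ENTRY.match(body)
            if run and not LAUNCHABLE.search(run_target(run["cmd"])):
                findings.append((code, "odd-run-target", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason:<15} {body}")
```

Each finding is a lead for manual review, not a verdict: a loopback proxy, for instance, can belong to locally installed proxy software such as the Privoxy process this log lists.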
1079.

Solve : SpyFalcon won't go away?

Answer»

This Spyfalcon keeps coming back.

Running AVG and Spybot S&D...
Turned off system restore...
started in safe mode...
ran Spybot

It is still there...

Removed it 3 times from "Add or Remove Programs" in the Control Panel
It sits in the task bar and constantly tells me "Security Alert"


If it helps I am running Win Xp Home


The link goes here  spyfalcon.com


Any suggestions will be appreciated.

Thanks
Kellee

Have you tried Start=>All Programs=>SpyFalcon=>Uninstall ??

Quote

 
It is still there...
 
Removed it 3 times from "Add or Remove Programs" in the Control Panel
It sits in the task bar and constantly tells me "Security Alert"


It is not in the Start Menu  All Programs

Kellee.... You might wish to D/L CCleaner .... http://www.ccleaner.com/

Once installed, run the "Cleaner" portion and then run the "Issues"
This may pick up the entries that are still left in the registry and remove them.

Let us know how it works for you.

dl65

CCleaner won't deal with SpyFalcon nor any other infection but there are tools and procedures available.
Read in here and follow the instructions to the letter.

When done, carry out the procedures listed in this post and post a HijackThis logfile here when done.
If possible, zip the logfile and attach it rather than post it.

Would a mod or Kellee please remove the link to the SpyFalcon site as soon as possible.

Sorry 'bout that

I removed the link.

Considering reformatting the drive and reinstalling OS...when I get the time, until then we still have 2 other healthy computers.

A good format and reinstall will solve most Windows problems, for a while.
1080.

Solve : I need help ASAP!?

Answer»

Hey everybody. Just so you know I'm running Windows XP. My younger brother went on my computer and I think he visited some... adult sites and now my computer is freezing, slow as molasses and I keep getting pop ups to download "official" anti spyware programs that I've never even heard of and I keep getting the little bubbles in the bottom right of the screen telling me I have spyware and malware, trojan viruses and a worm virus. I ran a scan with Norton and it found the trojan and said it resolved the problem. I went to the boot menu and I think I selected it to stop starting up when I start my computer but it keeps coming back. So then I downloaded spyware bot and it told me that I have 359 parasites and infected folders etc. etc. I ran a scan about an hour later and it increased to 457! Am I totally screwed or can someone give me a hand with this one?

You probably need a program with realtime protection, since it looks like the virus keeps spreading. Maybe try downloading a free trial version of AVG Antispyware. You could also try the free version of SUPERAntiSpyware. Or you could get a 30-day free trial version of Panda, which has complete protection. Once you get rid of the infection, you can uninstall it.

READ

optional read

Spyware Bot.... once a rogue always a rogue.

You found me again Fed!

Quote from: Fed on September 24, 2007, 03:11:57 PM

Spyware Bot.... once a rogue always a rogue.

I thought he had misspelled Spybot. No wonder...

What does a rogue spyware program do and how do I get rid of it? Is it bad?

http://en.wikipedia.org/wiki/Rogue_software

Download HijackThis to its own folder here and post a log here so we can get a better idea of what's going on.

Ouch.... Ever heard of a rare virus type called multiplying trojan? It multiplies or sends more infected files when you do a certain task. Try this, boot into Safe Mode and follow all the steps. After this then defrag to maybe get your comp running a bit smoother.

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
1081.

Solve : clueless?

Answer»

I Googled SGETask.Exe and I didn't find anything except links to other HijackThis logs. Are you sure?

I'm not sure about it myself which is why I asked. I would appreciate a copy of it so that I can analyse it.

1082.

Solve : Santa Claus?

Answer»

Hi

I'm running Windows Vista 32-bit with the latest upgrades, my virus software is Norton 360, I upgrade these things whenever it tells me there are upgrades.  Now on to the annoyance, every so often a voice on my computer says Santa Claus, it happens randomly and not when any particular program is running so I can't trace it to any of my browsers or any of my IM software and it's not so much a problem as an annoyance.  So any help would be immensely appreciated.

joe

PS excuse my spelling

Odd...have you downloaded any Christmas screensavers recently?  How long has this been happening?  Download HijackThis to its own folder and then post a log here for us to analyze.  It will help us see what's running on your computer and what shouldn't be.

Ok, my cousin has a background and screensaver and whenever you make a mouse click it will say Santa Claus.

Other than that, go to Control Panel/Sounds and Multimedia... in that window any items marked with a speaker have a sound assigned to them.
To hear the related sound, click on the event and then click the arrow pointing to the right and it will play...
Unfortunately you will have to check them one by one to find the culprit.
When found just select "None" on the offending event.
Re-boot.

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

1083.

Solve : Viruses and Spyware problems?

Answer»

A friend's PC slowed to a crawl so he called a PC repair company to come out and fix his PC. He said he wasn't running an antivirus and spyware program and the tech found loads of viruses and spyware on this hdrive. If these things are already implanted onto the hard drive will installing antivirus and spyware software at that time, if it could even be installed, remove and fix the problems or is it too late and he would have to fdisk and reinstall XP Home?

It really depends on the level of infection and what the infections actually are. Unless you have a genuine interest in solving the problems that you'll come across, there comes a point when you have to balance the time spent in attempting to revive a system against the time saved on a fresh installation.

If you or your friend would like a stab at cleaning up this system, I'm sure you'll get all the help you need here.
Conversely, if you decide to bite the bullet and start again from scratch, I'm sure that help and advice for that will be available too.

1084.

Solve : Having problems can someone look at my HJT log???

Answer»

My internet is running very slow. I've run CCleaner, Adaware, Spybot, AVG free, Ewido Antispyware and McAfee and nothing has helped it.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DropBox\DropBox\DropBox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.4.69/cab/aolpPlugins.10.4.0.4.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166385398125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166386230984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe


Thanks!

Follow this guide, then follow this one.

Make sure you do as much of the guides as you can in Safe Mode.

Also, I would make a folder on your desktop and put HijackThis in that folder.

Thanks for your response. I did everything you listed... I even uninstalled and reinstalled IE thinking I had a bad download but it's still slow. My ISP says it's not on their end.

What else could be going on??

Thanks!

What kind of connection do you have?
Are there any other computers sharing this connection?  If so, are they experiencing any difficulties?
How long has this been happening?
Have you tried System Restore?

Download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.

Also post a new HijackThis log.

My computer is on Wildblue Satellite internet. It's the only computer hooked up and the problem started a couple of weeks ago.

Here's my combo fix log

Files Created from 2007-08-25 to 2007-09-25  )))))))))))))))))))))))))))))))
.

2007-09-25 09:20   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-09-17 16:52   266,360   --a------   C:\WINDOWS\system32\TweakUI.exe
2007-09-17 16:37      d--------   C:\Program Files\CCleaner
2007-09-17 16:27      d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-17 13:58      d--------   C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-09-17 13:57      d--------   C:\Program Files\SiteAdvisor
2007-09-17 13:57      d--------   C:\DOCUME~1\Owner\APPLIC~1\SiteAdvisor
2007-09-17 13:57      d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-17 13:55   71,496   --a------   C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-17 13:55   37,480   --a------   C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-09-17 13:55   34,184   --a------   C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-17 13:55   32,008   --a------   C:\WINDOWS\system32\drivers\mferkdk.sys
2007-09-17 13:55   170,408   --a------   C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-17 13:55   109,608   --a------   C:\WINDOWS\system32\drivers\Mpfp.sys
2007-09-17 13:54      d--------   C:\Program Files\McAfee.com
2007-09-17 13:53      d--------   C:\Program Files\McAfee
2007-09-17 13:53      d--------   C:\Program Files\Common Files\McAfee
2007-09-17 13:39      d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-17 07:33   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-17 06:44   63   --a------   C:\WINDOWS\system\SysSD.dll
2007-09-17 06:43      d--------   C:\Program Files\SpywareDetector
2007-09-12 11:00      d--------   C:\DOCUME~1\Owner\.housecall6.6
2007-08-31 16:59   139,536   --a------   C:\WINDOWS\system32\javaee.dll
2007-08-30 12:58      d--------   C:\Program Files\AviSynth 2.5
2007-08-26 10:33   82,248   --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
2007-08-26 10:33   57,672   --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
2007-08-26 10:33   40,264   --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-08-26 10:33   29,000   --a------   C:\WINDOWS\system32\drivers\kcom.sys
2007-08-26 10:32   626,688   --a------   C:\WINDOWS\system32\msvcr80.dll
2007-08-26 10:32      d--------   C:\Program Files\Spyware Doctor
2007-08-26 10:32      d--------   C:\DOCUME~1\Owner\APPLIC~1\PC Tools
2007-08-26 10:21   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-08-26 10:21   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-08-26 10:18      d--------   C:\Program Files\Picasa2
2007-08-26 10:16      d--------   C:\WINDOWS\system32\runtime
2007-08-26 10:11      d--------   C:\Program Files\Norton Security Scan
2007-08-26 09:55      d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-17 21:41   ---------   d--------   C:\Program Files\QuickTime
2007-09-17 21:11   ---------   d--------   C:\Program Files\Google
2007-09-16 21:06   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-16 20:01   ---------   d--------   C:\Program Files\Norton AntiVirus
2007-09-16 20:01   ---------   d--------   C:\Program Files\Common Files\Symantec Shared
2007-09-16 20:01   ---------   d--------   C:\DOCUME~1\Owner\APPLIC~1\Symantec
2007-09-16 20:01   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-16 18:26   ---------   d--------   C:\Program Files\Symantec
2007-08-31 17:27   ---------   d--------   C:\DOCUME~1\Owner\APPLIC~1\Google
2007-08-30 13:00   ---------   d--------   C:\Program Files\DropBox
2007-08-26 10:15   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-22 16:22   3888   --a------   C:\WINDOWS\viassary-hp.reg
2007-08-22 16:22   ---------   d--------   C:\Program Files\Easy Internet signup
2007-08-19 20:30   ---------   d--------   C:\Program Files\CDBurnerXP Pro 3
2007-08-18 08:57   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-08-18 08:57   ---------   d--------   C:\Program Files\Quicken
2007-08-17 23:00   0   --ah-----   C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-08-17 23:00   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-08-17 22:59   0   --ah-----   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-08-17 22:53   ---------   d--------   C:\Program Files\Motorola Phone Tools
2007-08-17 22:52   ---------   d--------   C:\Program Files\Common Files\Motorola Shared
2007-08-17 22:45   ---------   d--------   C:\Program Files\Avanquest update
2007-08-17 17:53   9232   --a------   C:\DOCUME~1\Owner\mqdmmdfl.sys
2007-08-17 17:53   92064   --a------   C:\DOCUME~1\Owner\mqdmmdm.sys
2007-08-17 17:53   79328   --a------   C:\DOCUME~1\Owner\mqdmserd.sys
2007-08-17 17:53   66656   --a------   C:\DOCUME~1\Owner\mqdmbus.sys
2007-08-17 17:53   6208   --a------   C:\DOCUME~1\Owner\mqdmcmnt.sys
2007-08-17 17:53   5936   --a------   C:\DOCUME~1\Owner\mqdmwhnt.sys
2007-08-17 17:53   4048   --a------   C:\DOCUME~1\Owner\mqdmcr.sys
2007-08-17 17:53   25600   --a------   C:\DOCUME~1\Owner\usbsermptxp.sys
2007-08-17 17:53   22768   --a------   C:\DOCUME~1\Owner\usbsermpt.sys
2007-08-03 10:38   ---------   d--------   C:\Program Files\Lavasoft
2007-08-03 10:38   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-03 10:37   ---------   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-07-31 07:13   ---------   d--------   C:\Program Files\Snapfish Picture Mover
2007-07-31 07:13   ---------   d--------   C:\DOCUME~1\Owner\APPLIC~1\Snapfish
2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19   271224   --a------   C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19   207736   --a------   C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\system32\wups.dll
2007-07-26 12:48   ---------   d--------   C:\Program Files\WON
2007-07-26 12:48   ---------   d--------   C:\Program Files\Sierra On-Line
2007-07-25 08:53   ---------   d--------   C:\Program Files\Cub Rummy
2007-06-26 01:08   1104896   --a------   C:\WINDOWS\system32\msxml3.dll
2006-05-07 11:20   774144   --a------   C:\Program Files\RngInterstitial.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 16:51]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 09:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 22:28]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 21:56]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 16:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-20 09:59]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 11:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-03 06:45]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-31 07:33]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DropBoxUtility"="C:\Program Files\DropBox\DropBox\DropBox.exe" [2007-08-24 00:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 21:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 07:58]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-26 09:55:30]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40]

C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\
PowerReg Scheduler V3.exe [2007-05-30 10:54:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Organize.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Organize.lnk
backup=C:\WINDOWS\pss\Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Snapfish Picture Mover.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Snapfish Picture Mover.lnk
backup=C:\WINDOWS\pss\Snapfish Picture Mover.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DropBoxUtility]
"C:\Program Files\DropBox\DropBox\DropBox.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"AOL ACS"=2 (0x2)

S2 NdisFilter;NdisFilter;\??\c:\windows\system32\drivers\ndisfilter.sys
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 DPCNET5U;Satellite USB Driver;C:\WINDOWS\system32\DRIVERS\dpcnet5u.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-17 18:54:50 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-17 18:54:49 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-25 09:34:35
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL CODE modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-25  9:40:39
C:\ComboFix-quarantined-files.txt ... 2007-09-25 09:40

Here's my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 9:53:07 AM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DropBox\DropBox\DropBox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.4.69/cab/aolpPlugins.10.4.0.4.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166385398125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166386230984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe



Thanks for looking!

Can you think of anything that happened right before your problem started?  I'll have to take a much closer look at your logs tonight, but right now, I'm not seeing much that could be contributing to your problem.  There are a couple of things you should get rid of, though...

Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe


Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Navigate to and delete the following file(s) if present...

C:\WINDOWS\system32\ALCXMNTR.exe

Once you've done all of this, reboot into Normal Mode and let me know how everything's running now and if you had any problems following my steps.  You may also want to try running a scan with SUPERAntiSpyware in Safe Mode.

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
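
A triage pass over HijackThis lines like the ones posted in this thread, as an added example that is not part of the original posts and is not HijackThis's own logic. The function names (`parse_entries`, `has_full_path`, `triage`) are hypothetical, and the five heuristics are assumptions chosen for illustration: a proxy auto-config URL being set, a Run command with no full path, an ActiveX download (O16) whose source is a bare `.exe`, a service with an unknown owner, and a target file that is missing.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: hive, abbreviated key, value name, command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O16 downloaded program files: CLSID, optional class name, source URL
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*)\))? - (?P<url>\S+)$"
)
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def has_full_path(cmd):
    """True if the command starts with a drive, %VAR% or UNC path (quoted or not)."""
    return re.match(r'^"?(?:[A-Za-z]:\\|%\w+%\\|\\\\)', cmd) is not None


def triage(text):
    """Return (code, reason, body) for entries worth a manual look (assumed rules)."""
    findings = []
    for code, body in parse_entries(text):
        if body.endswith("(file missing)"):
            findings.append((code, "target file missing", body))
        if code.startswith("R") and ",AutoConfigURL = " in body:
            url = body.split(" = ", 1)[1].strip()
            if url:
                host = urlparse(url).hostname or ""
                where = "loopback" if host in LOOPBACK else "remote"
                findings.append(
                    (code, f"proxy auto-config script set ({where} host)", body)
                )
        elif code == "O4":
            m = RUN_RE.match(body)
            # A bare file name is resolved through the search path at logon,
            # so the log alone does not say which file actually runs.
            if m and not has_full_path(m.group("cmd")):
                findings.append((code, "autorun command has no full path", body))
        elif code == "O16":
            m = DPF_RE.match(body)
            if m and urlparse(m.group("url")).path.lower().endswith(".exe"):
                findings.append((code, "ActiveX source is a bare .exe", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service binary has no vendor string", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason}: {body}")
```

A flagged line is a prompt to check the file on disk and its installer, not a verdict; several entries it flags in this log belong to software the poster installed.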

1085.

Solve : Error SWNC5E00?

Answer»

Something seems a bit off to me...  I'd like to see a HijackThis log.

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

1086.

Solve : issue with images on computer?

Answer»

This may sound really out there in left field without a mitt, but is there a virus that attacks images... GIF ext... places odd faces on them?
Please don't think me nuts, but I swear I see them.
My computer doesn't show any virus...
If there isn't, then well, I'm off to the doctor, 'cause I see them as plain as day.

Could you post a screen shot?

If you have recently installed some new image viewing software on your PC and set the associations to the new program then the icons will have changed...

You may want to slow down your assumptions. While I don't think there are any doubts what you saw, it doesn't sound like a virus. As Shoon81 said, it's probably just some imaging software that associates itself with certain file types: .gif, .jpg, .png, etc. Uninstall the software or reinstall it, and specify which filetypes to associate itself with, if any, if this is possible. 8-)

1087.

Solve : question on reformatting harddisk?

Answer»

Hi,

Just want to ask you guys to make sure that I do the right thing here. I have a desktop PC running Windows XP Pro, Pentium 4. A long time ago, I had problems with this computer being infected by viruses and trojans. I used Lavasoft Ad-Aware to detect the spyware and have it removed, ran the Norton antivirus, ran Disk Cleanup, and ran both Lavasoft and Norton in safe mode. Yet despite those efforts, Windows still detected spyware on my computer, saying that some of my document files had been accessed (those warnings were from the Windows firewall as well as the antivirus). They came up very often. They even showed up as soon as you turned on the computer and Windows had loaded. I could open IE, but IE was redirected to a specific website, i.e. some ads for antispyware products, despite the default settings I had set to go to a specific website when IE was clicked.

Anyway, those were the problems I had until I went and got a new hard disk, which got all those annoying things off my back. Now that hard disk (or the old one that's got viruses and trojans) is still here with me. What I'd like to do is to have it reformatted. My question is: I heard that you can hook it up to the computer as a slave and then reformat it from there.

My question is: will the viruses and other trojans invade my new hard disk if I hook it up to my new hard disk? What are the things I should watch out for when doing this? They are both Seagate, but the new one is IDE; not sure about the old one.

Anyway, your help is greatly appreciated

Thank you in advance

No problem I see if you remove the partition, re-make a partition and format it.  Buying another hard drive to cure a few infections is a little extreme to say the least!

I would not place the two drives in the system together for now for fear of cross contamination. We don't know what nasties the original drive is harbouring so hook it up as a single master and use a floppy or bootable CD to destroy everything on it.
Delete all partitions and start from scratch. Once clean, you can slave it to your new drive.

1088.

Solve : can someone check my HJT log???

Answer»

HI

Can someone please take a look at this log and tell me if i have anything suspicious on my pc? thanks!

I am using Microsoft Windows XP Professional SP2
I am using a HP intel(R) Core(TM)2 CPU, T5600 1.83Ghz, 1Gb Ram

Thanks

[Saving disk space - attachment deleted by admin]

My PC is strangely slow so I am suspecting that I have a virus or worm. I use Trend Micro and that doesn't pick up any viruses.

download avg
http://free.grisoft.com/doc/5390/us/frt/0
and Spybot Search & Destroy
http://www.safer-networking.org/en/index.html
update them and scan.

You should also run a scan with SUPERAntiSpyware.  When you've completed all scans, post an update along with a new HijackThis log.

Hi there

Ok, I have run spybot and it picks up a few things but kills them successfully. but my problem is still there. I am now running superantispyware. I will post a log soon.

I have another symptom: I get these alerts from my taskbar:

"System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution."

google yields this site http://www.bleepingcomputer.com/forums/topic81275.html

but I can't see the process running to begin with in my HijackThis log.

I'll post a log soon. thanks

Quote

"System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution."

It would probably be pretty productive right about now to know the name of the Co. and/or a link to what rogue program wants you to DLoad their software...
Details cost nothing so quit holding on to them...

sorry.......

it's called antivirgear

hey. sorry about the late reply. got busy at work.

here's the latest HijackThis log. superantispyware picked up quite a few things and the message
"System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution."

has now gone away. however I am still quite nervous about the state of the machine I am using. so if anyone sees anything suspicious about my HJT log, let me know. thanks!

[Saving disk space - attachment deleted by admin]

Check out this page...
http://www.bleepingcomputer.com/forums/topic108399.html

You have a suspicious-looking file in your log: C:\WINDOWS\TEMP\GQB5EB.EXE.  You should head over to VirusTotal and scan this file if it still exists.  If not, try looking for other files in that folder with a similar name.

Also, go ahead and download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here, along with a new HijackThis log.  Note: Don't click on the window while it's running; this may cause stalls.

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
1089.

Solve : Help identifying entries?

Answer»

Windows XP
Mozilla Firefox

My AV showed the following entries, which I would like to identify and remove, if necessary:

ACS DB Updater
ACS Uninstall
A-NSISu.exe
4148.921a Client V
GLJ20.tmp
GLJ4.tmp
INS6.tmp
LSA Shell Export V
Set1E.tmp, Set21.tmp, Set20.tmp, Set30.tmp, Set31.tmp, Set32.tmp, Set33.tmp
wmint.exe

I googled them but most of the info I get is in another language.  Can you help?  I'm afraid some may be up to no good.  :-?  If bad files, how can I get rid of them?

Thanks.

Well the .tmp files are temporary files which to the best of my knowledge can be deleted. Although don't take my word for it.

Try using this site. http://whatisthatfile.com/ It can be used to shed light on strange files.

Very strange... We're looking into it  :-/  I'm having a hard time finding good results as well...

Flame

I suspect a Sasser variant, a trojan downloader or two and a couple of other items of malware are involved.
Carry out the procedures listed in this post and post a Hijackthis logfile here when done.
If possible, zip the logfile and attach it rather than post it.

Been cleaning my PC as instructed and up to now all is negative.  I also reinstalled my Firewall (ZA) and the entries disappeared, the only one remaining is  GLJ14.tmp which you told me might be a temporary file.

Only two things I need help with now, (1) how to work with IE-SpyAd, and (2) how to zip a file so I can send you my HJT log.  Any help will be appreciated.  Thanks a lot!

That temp file is possibly a trojan downloader family member. Use CCleaner and set it to delete all temp files without waiting for the specified time before running it.

There's a tutorial and explanation of IE-SpyAD here and the application itself should be downloaded from its new residence at SpywareWarrior. I'll update all links to it now!

The most popular Zip program has to be WinZip. Although it's never been freeware, the shareware version has, up until now at least, never expired and always remained useable.
To archive files, either use its GUI or the Windows Explorer right click context menu, where, after installation you'll see a Winzip "group" entry. In the attached example, aspi.log is being added to the currently empty aspi.zip archive. You would do the same with hijackthis.log and then attach hijackthis.zip to your post.

WinRaR is also a very useful archiving tool which is compatible with Winzip. Again, it's available as a shareware product that, to my knowledge, never expires.

The free open source 7Zip is available here but its default is not wholly compatible with Winzip.

Sorry, but it seems that there are no more attachments until admin has had a cleaning spree:

You're going to have to post your logfile in sequential blocks of <=5500 characters. If you have some (Free ISP based perhaps?) web space you could upload the logfile there and link to it. Change the .log extension to .txt to ensure compatibility.

Hi!  Thanks a lot for all your help!  It seems I cleaned the PC and all I have to do is send you my HJT log to see if anything has to be removed; however, I hit a snag.  I do have web space from my ISP but all I have is a blank page, I have to create the page and I don't have an idea on how to do it; in other words, I cannot up/d because I don't know how to do it.  Will I impose on you if I ask for some suggestions?  Thanks.

I think you can now post attachments again so you should be OK.

Regarding webspace, many providers demand that webspace is activated and that an HTML file called index.htm or index.html is uploaded before anything else can be achieved. If this is ISP provided webspace, much depends upon which ISP you use so without further info, it's not really possible to advise. By and large though, if it's just a bit of storage space you're after, it's pretty simple to set up and use.
Your "free" webspace can be very useful indeed for storing files and pictures etc or indeed, Hijackthis logfiles. And, as it's free, why not take advantage of it? If you're interested, it may be wise to start a new thread on this in the relevant forum section but have a look at your ISP support area first.

1090.

Solve : Internet Not Working, Virus??

Answer» Recently my computer decided to stop connecting to the internet.  I thought it might be a virus problem after trying to reset the modem and the fact that my laptop connects to the internet fine.  I ran a virus scan and a couple of trojans popped up.  I chose to delete them and did another scan and they were there again.  I deleted them again and also ran "SAV32CLI"  to get them off per Sophos website.  It ran its scan and didn't find anything.  So I ran Sophos again and they no longer show up.  However, an error of "Scanning C:\WINDOWS\system32\mmf.sys returned SAV Interface error 0xa0040210: The file could not be accessed" still shows up on the scan.  Not sure if this is bad or may be causing my problem.

When I turn on the computer the computer "pauses" for about 30 second intervals when I can't move the mouse or anything.  It also will not connect to the internet.  The "pausing" goes away when I disable my ethernet card.  The internet has worked fine on the computer up until now and still works on my other computer.  If I wait long enough, it will pop up as having "limited or no connectivity" and still not connect to the internet.

The problem computer is a Dell from 2001 with Windows XP Home Edition, Netgear FA311 Fast Ethernet Adapter.  I use a free anti-virus software obtained from my University which updates online every day.  It is Sophos version 6.5.8.

The issue is how to connect to the internet, if it is a virus problem.  Any ideas or any additional information that I can furnish?  Thanks for your help.

ipconfig /all for desktop
Windows IP Configuration

        Host Name . . . . . . . . . . . . : jimmy
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NETGEAR FA311 Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-02-E3-20-4C-48
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Tuesday, August 14, 2007 9:26:29 PM
        Lease Expires . . . . . . . . . . : Wednesday, August 15, 2007 9:26:29 P
http://www.saviour-pc.com/forums/view.php?pg=malware_guide

just use your laptop to get the programs you need

http://www.saviour-pc.com/forums/view.php?pg=win_guide

that one will help clean up your computer

First of all, mmf.sys is a valid file.  It's part of a program called eLicense.  eLicense is used in some shareware and commercial software to manage licensing.  You may have some freeware or trialware installed which is licensed by this program.  You may need to reinstall it.

Then follow unlovedwarrior's advice.

Post back with results please...

It worked great thanks.  I ran the cleaner and that fixed it, thanks so much for your help.

that's good

As this issue appears to be resolved, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
1091.

Solve : Strange - Browser Issues?

Answer»

Hello,

I have a strange problem when browsing certain websites. After I have just started my computer I can access websites like Google and Yahoo but after about 5 minutes I can’t access them. Does anyone know if this is likely to be a virus blocking my access to these well known sites? Or is it more likely to be something else?

I realised there might be an issue with my firewall or spyware remover denying access to these sites. I haven’t changed any of the settings on them recently and it worked fine until a few days ago.

I don’t think it’s a problem with my connection because other sites work fine

There is not an error message. It just shows the usual screen in the browser when a website address is not correct etc.

Any suggestions on what this could be or how I can solve it would be greatly appreciated.

Thanks in advance

Barbarossa
When you say "Can't access them", what error etc is thrown?
I'll assume IE and a 404 error - If you hold down the CTL key and hit F5, can you access them then?
What security software (AV/anti malware/firewall etc) is in place?
Are any extra toolbars such as those from Google and Yahoo etc installed?

Thanks for your Swift Reply Backdated,

The error message you identified is the one I get.

I have never installed or used any of the search engines toolbars.

I have used the following security software in conjunction with each other without any problems for over a year:

Webroot Spy Sweeper
Norton Antivirus Professional 2004 (I updated it online in January)
Zone Alarm

I noticed another symptom (it might not be related): the icons on my desktop have a black shadow around them. From past experience it meant there was something installed on my desktop. I checked this by looking at the web tab in desktop items… nothing had been installed from what I could tell.

Thanks again
Carry out the procedures listed in this post and post a Hijackthis logfile here when done.
If possible, zip the logfile and attach it rather than post it.

Do you have that little passage of text ready on your clipboard?

Only joking, it looks like you do a great job helping people on this forum!!
Thanks for that info, will have to do that when I get home (at work now).

Thanks again

Actually, I have it in a text file on the desktop!
I know, from everyday experience, that the vast majority of systems are infected with something or have had infections erroneously removed.
A few years ago, most problems were (legitimate) software or hardware based. It's a very sad indictment that today, without seeing or having any details of a machine, I can assume that some form of malware is the problem and I'll be correct in that assumption almost 100% of the time.

There are massive amounts of money being made from the proliferation of malware (Probably billions of pounds in the last 2 or 3 years alone). There is also an almost infinite supply of unsuspecting computer users who are helping these criminals "earn" that money.
Until that loop can be broken and users are educated in the ways of safe computing, that situation will sadly continue.

1092.

Solve : Please Help:I have a big problem with this: bL4CK p3G4SuS s0CI3TY 0F h4CK3RS?

Answer»

Hi,

Recently my computer has viruses and trojans, and it disabled my Computer Management and my Search button; it also prompts that my computer has no firewall even though it is enabled, and the My Documents folder has a hand under it.  When you right click My Computer and click Properties, the "Registered to" was changed to this:  bL4CK p3G4SuS s0CI3TY 0F h4CK3RS Unlimit3d instead of the name on it. What is happening? I have really no idea.

My OS is Windows XP Professional. I already downloaded spybot, avg and lavasoft. I also have McAfee installed; still nothing happened. Please help me.. thank you very much in advance

Post a HijackThis scan ....

Have you run the scans with spybot and avg in safe mode ??

I haven't tried it. I will try it... By the way, I'm just a beginner in computers so please don't be too technical... thanks very much

Anything you don't understand, just shout at me

How many torrent scarfed programs are installed on that machine ? ?

1093.

Solve : Hijack This log report....?

Answer»

Here is the log from Hijack This...

Does this tell us anything? Unfortunately, I'm trying to get some important info out for my business.. and I'm not able to... Something ALWAYS happens at the WORST TIMES!!! Any help would be greatly appreciated.     Thanks!


Logfile of HijackThis v1.98.2
Scan saved at 1:03:07 PM, on 10/2/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=hpfsched
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\pmremind.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL
O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .MOV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16d655a93cc29eff1e23/netzip/RdxIE601.cab
What exactly are you trying to find out?  Are you having any actual problems with the computer in question?  The only issue I see is that you need to update your Java and you're lacking a firewall.  You're also using an old version of HijackThis.  Get a more reliable version here.

1094.

Solve : big problem with norton?

Answer»

It appears you still seem to have issues.........
Give this a try and see if it cleans things up .

Tools needed for this fix:
Vundo Fix
VirtumundoBegone

O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll

Note: This fix only applies to Vundo infections where the O2 entry contains MSEvents or ATLDistrib.

Preparation Steps:

Please do both of the following before we start:

1. Please print these instructions as they will be needed later when Internet access is not available.

2. Save these instructions in word or notepad to the desktop where they can be easily found.

Removal Steps:

Download VundoFix.exe and save it to your desktop.

Double-click VundoFix.exe to run it.

Place a check in the checkbox labeled Run VundoFix as a task. You will receive a message stating that VundoFix will close and re-open in a minute or less.

When VundoFix reopens, click the OK button.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click the YES button.

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will shutdown your computer, click the OK button.

When the computer has shutdown, turn your computer back on.


The Winfixer/Vundo infection should now be cleaned from your computer. If you are still having a problem then please proceed to Step 2.
 This step should only be used if the instructions in Step 2 did not remove the infection.

Download VirtumundoBegone and save it to your desktop.

VirtumundoBegone

Reboot your computer into Safe Mode

Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.

Exit when it has finished

Hopefully , that should have done the trick .

dl65  
This is not a full logfile!
Carry out the procedures listed in this post and post a HijackThis logfile here when done.
If possible, zip the logfile and attach it rather than post it.
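
The applicability note in the Vundo post above (the fix applies only where the O2 entry contains MSEvents or ATLDistrib) can be checked against a HijackThis log before running the tool. The following Python is an added example, not part of the original thread or of VundoFix; the function names are illustrative, and the cross-check against an O20 Winlogon Notify line is an assumption drawn from the two entries quoted in that post.

```python
import re
from ntpath import normcase  # Windows path comparison rules on any host OS

# The first two lines are the entries quoted in the Vundo post; the other
# two are copied from the Windows 98 log earlier on this page for contrast.
SAMPLE_LOG = r"""
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\mljjk.dll
O20 - Winlogon Notify: mljjk - C:\WINDOWS\system32\mljjk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O20 Winlogon Notify lines: "O20 - Winlogon Notify: <key> - <dll path>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")

# Name fragments the post gives as the condition for using the fix.
MARKERS = ("msevents", "atldistrib")


def parse(log_text):
    """Return (bho_entries, winlogon_notify_entries) as lists of dicts."""
    bhos, notifies = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = BHO_RE.match(line)
        if match:
            bhos.append(match.groupdict())
            continue
        match = NOTIFY_RE.match(line)
        if match:
            notifies.append(match.groupdict())
    return bhos, notifies


def vundofix_candidates(log_text):
    """List O2 entries whose name contains MSEvents or ATLDistrib.

    Each finding also records the name of any O20 Winlogon Notify entry
    that loads the same DLL (None if there is no such entry).
    """
    bhos, notifies = parse(log_text)
    notify_by_path = {normcase(n["path"]): n["name"] for n in notifies}
    findings = []
    for bho in bhos:
        if any(marker in bho["name"].lower() for marker in MARKERS):
            findings.append({
                "bho_name": bho["name"],
                "clsid": bho["clsid"],
                "dll": bho["path"],
                "winlogon_notify": notify_by_path.get(normcase(bho["path"])),
            })
    return findings


if __name__ == "__main__":
    for finding in vundofix_candidates(SAMPLE_LOG):
        print(finding)
```

An empty result means the log does not meet the condition stated in the post, so a full log should be reviewed instead.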

1095.

Solve : Can computer viruses coming in from the internet affect other executables??

Answer»

I gave a person a Skype executable.  He now accuses me of having given him a virus infected Skype executable.  Is it possible that he picked up a virus via the Internet which then infected his Skype executable?

Yes, there is one of many I have seen listed http://www.cbc.ca/technology/story/2007/09/10/tech-skype.html?ref=rss

It's possible that you did indeed give him an infected file.  It's also possible that it became infected after he downloaded it.  What makes him so certain that it's infected?

1096.

Solve : pop ups and other such nonsense?

Answer»

Hey,

First I would like to apologize if this issue has already been addressed on another thread. I am at work and I am desperate for help because I need to have fast access to my computer and my IT guy has not been able to help thus far.

Basically what happens is I get a million popups if I do not go into my advanced privacy settings on my tools and change it to not accept cookies unless I approve it. That is only a temp fix though. What happens is if I open a new window it does whatever it wants. I get crazy pop ups. Also what will happen is after some time (not sure how long) the settings will change back on their own to accept all cookies and then it goes berserk.

The stuff I get runs the gamut, the last few were for everything from find your true love to download win antivirus for 2007 for free (that one is the worst)

I have run the Symantec virus program I have on the system and it only quarantined two things. I also have the pop up blocker that came with the system turned on and have done just about all I can think of to do. Also I checked for updates on Microsoft's website and it added windows malicious software removal tool, cumulative security update for IE for WIN XP, and security update for IE 7 WIN XP.

I am not the world's most computer literate person so it doesn't mean I have done all possible I could do. Anything you guys could suggest would be great. I just ask you one favor, write it like I am a moron and have no clue. Seriously. I am more a visual learner than a reading learner. I know my limitations at least right ? LOL

Anything you guys can help with I would appreciate very much. Thanks for looking out for those who aren't as, well, how do I put it without offending ? Computer savvy as yourselves !

Please take a look at this:

Malware Guide

Please let me know if this is of any help.  I'll be more than happy to answer any questions you may have about it.

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

1097.

Solve : INFORMATION REQD ON VIRUSES?

Answer» Need some information on the following.

I have been using norton antivirus on a work pc. It came up with 2 infections with the following file names.
1. tester1[1].dat (location c\Temporary internet files...
2. dc46.exe (location c\Recylers ...

What type of files are these? Norton has characterised them as a trojan

can't seem to find information on them on the norton database, Mcafee, and AVG.

Can anyone please let me know anything about them.

cheers
THE SAINT

Why not simply delete them? It looks like #2 can be destroyed by emptying the Recycle Bin, and if you delete everything in the temporary internet files, and clear the bin again you should be able to get rid of it, at least for now.

dilbert,

I have done that. Which brings me to another question. how do I effectively get rid of these temporary internet files? used the method from the tools drop down menu in Internet Explorer. Also used the disk cleanup in accessories system tools... but even though it shows 0kb, when I click view files I can see several of these files.
cheers
THE SAINT

ccleaner from www.ccleaner.com. It's free and it works.

Thanks, will try it out

Indeed, I swear by it. I was in a hurry, however, and forgot to mention it. Thanks, GX1_Man.
1098.

Solve : Cant Access Pc, Wont boot any mode or system disk?

Answer»

Hi All,  Please Help .

Im sure its viral but may be wrong,

win xp sp 2
amd xp3000

I thought I had a virus when not fully covered by
malware and virus software. LONG STORY.
the crux of it is I now cant access my pc at all
other than the bios settings.
When you boot normally a message appears while booting ...........
windows\system32\config\system.......... missing or corrupt.............
you are at this point prompted to use system disk to repair etc.

When I tried to boot from my cd I get as far as the same message
( yes it is booting from cd and not HDD )

I can't boot in safe mode as when the menu comes up after hitting
F5 it will not let me select another option.
I even have tried re-formatting as above but as I said the same system missing or
corrupt message appears.

I cannot therefore access my PC other than to the bios setting.
incidentally during boot up I have noticed the Hz changed on its own
such that the processor was registering as 2200, ( should be 3000 )
I have changed this back but this did not help.

any ideas ??

thanks

alan c. :-?

I think you have lost your bios settings, go into bios setup and load bios defaults and save and quit then try installing XP.

Cigarman

Hi Mr King Edward ( my favourite cigar  when i used to smoke ).  Tried it already -- no joy. I am sure this is a virus. Early days the first thing that happened was I could not get into safe mode, also frequency changed on its own to indicate a different processor. It's all gone pete tong ( wrong ) from then on.  there seems to be no way of even getting in to re-format , unless............. Is it possible to use a boot floppy i.e. from win 98 ( not win xp cd ) to boot up and format c:\ then re-start with xp cd.  or other suggestions would be appreciated.

thanks for reply

alan c.

If you are able to get into the bios , reset bios to default settings , then change the boot sequence to cd-rom 1st boot.  Then put your win xp cd in the cd-rom and reboot the pc ..........it should boot and allow you to do a format and a complete reinstall.

dl65

thx for reply man,  tried it  already ,  it comes up with same message as booting normally, yup it is booting from cd first , but still says windows\system32\config\system..............  missing or corrupt.......... im puzzled.     :-)

Is there anything on the hard drive ?
You have an original winXP cd don't you.

dl65

yup,
genuine windows xp.
its a mesh computer system cd with windows xp.
im stumped,
can i re-format from a win 98 floppy disk.  
dont know where ill get 1.
then re-format the hard drive and
hopefully re-install the xp system
.


help

alan c ,

As I said in my first message,  I have set up boot order for cd drive to boot first, but,  it still comes up with same message ?

cheers

alan c

HelpMaBoab.... You were asked .......
Quote

Do you have a genuine Windows CD or a restore disk?
you replied ......yup, genuine windows xp.   and then you added .....its a mesh computer system cd with windows xp.
You must have a restore disk......... Is this the cd which came with your computer or did you acquire it somewhere else ?
An original Win XP cd only contains the M/S XP O/S and Service packs .

dl65  
 

Apologies for my ignorance in this, and I appreciate your help.

I have 2 pc's one is a mesh original the other is not.  The mesh 1 is the one I am typing
this reply on.

I only have the 1 cd. ( this is an original official mesh system disk with everything on it including
such as microsoft works and windows xp ).

If I try it on this pc to see if it boots from cd will I cause any probs. i.e. will options allow me to leave this pc without any changes.

thanks for your patience

alan c

I'm afraid not.
the infected pc came with pre-installed win xp.
bought it on the cheap thru e-bay.
( regretted it ever since )

Am I right in saying this is why the cd is not working ?

any suggestions as to how to proceed

thanks again

alan c 

eureka, it's a start. During the process you described in your last reply, the cd would not boot up.

I have just realised I have had a homerism, My wife bought my son one of these fancy keyboards which lights up. It also does not work until the pc is fully booted up.  DOH !!

The mesh recovery / system cd I have now works ,  you recommended I do not use it ?
is it possible to use it in the short term to get him back up and running ?
if so what course of action would you recommend ?
It is currently sitting on awaiting my command with 3 options.

the option the pc tells me to pick is the press " r " to go to repair /  recover menu.

personally i would be happy to re-format the whole lot...........

any advice would be appreciated, otherwise thanks again for your assistance in this.
It has been a learning curve as I have not looked at pc's since dos 5.0


cheers

alan c

hi,

the original machine is the mesh,

win xp system
amd xp1800 processor
40 gig
nvidia mx-400 graphics card
sound blaster 5.1

the new pc which has gone pear shaped..

amd xp 3000
120 gig
nvidia 5200
onboard sound .

correct me if im wrong
I have nothing to lose if I try because the machine is riddled with viruses and malware
such that even before it went totally wrong I could not !!!!!!!!!!!!!!!!!  just realised something here .

I can't boot in safe mode possibly because of that damn stupid keyboard that my son was using.

I'm away to try and install anti malware and norton av, can this be done in safe mode ?
as when I try in normal mode a virus is possibly kicking norton av out during load up.


thanks again,,, im due you a g few beers.

alan c

I can now get into the safe mode menu and pick safe mode
unfortunately the pc still has the message relating to the system file
is corrupt or missing.

recovery cd worth a try ?

cheers

alan c

backdated, many thanks for your help, I think I need to buy a win xp cd, the pc won't boot at all now, I think the mesh cd wiped the boot sector, something like that.

cheers again for your time on this


alan c
1099.

Solve : My Icons names have mysteriously Changed?

Answer»

I happened to notice 2 of my desktop icons' names are no longer. They have new names like thdbhsrhf, indication of a virus of some sort. One is my Computer icon and the other is my Internet Explorer icon. I deleted the IE but what can I do about my Computer folder
and what can I run to fix this?
Here is my log below. I'm new here so I didn't know where to post my log.


Logfile of HijackThis v1.99.1
Scan saved at 8:00:13 AM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Run chkdsk /r and rescan with your protection apps.
List what apps you ran and what they found along with a new HJT log....

Ok I tried to run it and I got this message

This type of file system is NTFS cannot lock current drive.

Can not run because the volume is in use by another process

it sure ask you to do it on reboot... a black box sure pop up and ask and you enter y then press enter

Here it goes, hopefully you find something


Logfile of HijackThis v1.99.1
Scan saved at 9:07:48 AM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


http://www.saviour-pc.com/forums/view.php?pg=malware_guide

read and follow

http://www.saviour-pc.com/forums/view.php?pg=win_guide

same

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

1100.

Solve : What is this?!?

Answer»

I ran a scan on my spybot and it found something called....Pipas.....I remove it using spybot but it keeps finding it...

You need to remove malware in safe mode with System Restore turned off. Otherwise you just get reinfected.

How do I remove it?

Turn off System Restore

Update Spybot and immunize the system.

Restart the computer and tap the F8 key a few times before you see the Windows logo. Then choose safe mode and run Spybot and remove the item(s).

Then reboot and run it again. If gone, turn system restore back on.