
System Crashed - Files Changing - Ie Super Slow


35 replies to this topic

#1 Wendy K. Walker

Wendy K. Walker

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:02:27 PM

Posted 05 August 2007 - 01:26 AM

Hi Everyone,

I've got some unknown evil entity running amuck in my system. Several months ago I suffered a catastrophic system failure that forced me to take my machine into a repair shop.

They did a data recovery, provided me with a CD and I took my PC home. When I powered it up I found some kind of disk still in the CD RW drive. I removed it and rebooted my machine as I prepared to do a system restore.

But to my surprise Windows opened as though nothing had ever been wrong with it so I put my restore disk away and stuck the data recovery disk in the drive to see what was on it...It killed my D drive, killed as in stole its drive letter out of my start menu.

I rebooted and my D drive letter was back. It did the same thing in the E drive and I had to reboot for my drive to be accessible again. I never was able to use that disk on my machine because all it would do was kill whichever drive I put it in.

Then I started going through the files in the My Documents folder...The first thing I see is a brand new file named "LETS F**K NOW", and the F word was spelled out too. I deleted that bugger real quick without even trying to open it.

OK so that was the start of my troubles. I honestly fear that one of those Techs put something in my system that's giving me grief.

At that same time 98 % of all of the files listed in the add/remove programs window went missing and a whole lot of stuff just up and appeared.

This post http://www.bleepingcomputer.com/forums/ind...mp;#entry584546 <-- describes my most recent problem. Right now IE is taking over a minute to open and load my home page and I have DSL. It also gets stuck trying to open pages or even when backing up to the last page visited.

Today while I was getting a document ready to post online I found this --> http://mojo.calyx.net/~olsen/MEDICAL/YOUNG/young <-- stashed away in the middle of the document.

If you click on it as it is you get an error page, but if you delete the last part of it so that it reads http://mojo.calyx.net it takes you to someone's web page who has just installed OpenBSD and gotten their Apache server set up. After doing a little Googling I tracked the ~olsen part down to this web site --> http://mojo.calyx.nl/~olsen/ .

How the heck did that URL manage to hide itself in my document?

Anyway, I ran ATF, CleanUp, and Crap Cleaner to get rid of my trash. Then I ran Anti-Virus scans with several different scanners and they all came back clean. SpyBot came back clean too, however, SuperAntiSpyWare found something that it recognized as being evil so I quarantined it.

Here is my HJT log;

Logfile of HijackThis v1.99.1
Scan saved at 5:53:26 AM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\ADMIN\Desktop\idblasterplus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\1-Click Answers\answers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\CallWave\IAM.exe
C:\1-CLIC~1\agtserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Tor\tor.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=lacalhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost, 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: 1-Click Answers.lnk = C:\1-Click Answers\answers.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\1-Click Answers\answers.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Google Updater.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk.disabled
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O4 - Global Startup: Savant Web Server.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Is there a grinch hiding somewhere in all of that?

Thanks for any help.

Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:27 AM

Posted 15 August 2007 - 09:11 PM

Hello Wendy,

I am SifuMike and I will be helping you. :thumbsup:

I see no malware in your log, but we will do some cleanup.


Select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Reboot your computer.

Also, I do see that you have two registry protectors running: Spybot Teatimer and SpywareGuard. Running two registry protectors will slow your computer, so I recommend you uninstall SpywareGuard.






Let's check deeper.

You will need to use Internet Explorer for this scan.
Disable your antivirus program and go here to run BitDefender Online Scan.
Click on I Agree.
Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.

When the ActiveX Control has loaded, click on "Click here to scan".
Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.

NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.


When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.


******************

Download and install AVG Anti-Spyware v7.5.
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them unaccessible for doing a scan. If this is the case, press the WINKEY + M key to "Minimize" the AVG display. Then right-click on AVG in the Task Bar and select "Maximize". If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop.
    A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version.

When done, submit the BitDefender log, the AVG Anti-Spyware 7.5 log and a fresh Hijackthis log.

Edited by SifuMike, 15 August 2007 - 09:17 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Wendy K. Walker


Posted 16 August 2007 - 10:28 PM

Hi SifuMike, Thanks for the reply.

OK, I ran HJT and deleted that file. Then I did the BitDefender thing and saved the report but I don't have any faith in that sucker as it didn't detect my virus test file :thumbsup: .

Then I snuck over into safe mode and ran the AVG scan and saved the report. Then rebooted, ran HJT again and saved its log. Here are all of the logs that you asked for.

BitDefender Online Scanner

Scan report generated at: Fri, Aug 17, 2007 - 01:28:50

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 00:15:25
Files: 50992
Folders: 4530
Boot Sectors: 2
Archives: 0
Packed Files: 0

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 0
Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Scan plugins: 0
Archive plugins: 2
Unpack plugins: 0
E-mail plugins: 0
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
No virus found.

*********************************************************************************************


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:39:34 AM 8/17/2007

+ Scan result:



C:\Documents and Settings\ADMIN\Desktop\TEST FILES\eicar.com -> Not-A-Virus.Test.Eicar : Ignored.
C:\Documents and Settings\ADMIN\Desktop\TEST FILES\eicar_com TEST.txt -> Not-A-Virus.Test.Eicar : Ignored.
C:\Documents and Settings\ADMIN\Desktop\TEST FILES\eicar_com.zip/eicar.com -> Not-A-Virus.Test.Eicar : Ignored.


::Report end


*****************************************************************************************



Logfile of HijackThis v1.99.1
Scan saved at 3:51:56 AM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\mHotkey.exe
C:\Documents and Settings\ADMIN\Desktop\idblasterplus.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\1-Click Answers\answers.exe
C:\1-CLIC~1\agtserv.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=lacalhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost, 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - Startup: 1-Click Answers.lnk = C:\1-Click Answers\answers.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\1-Click Answers\answers.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: Monitor Apache Servers.lnk.disabled
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O4 - Global Startup: Savant Web Server.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



OK I think that is everything that you had asked for.

Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:27 AM

Posted 16 August 2007 - 10:43 PM

Hi Wendy,

Your HijackThis log looks clean, as are the BitDefender and AVG antispyware logs.

Let's dig deeper and see if we find anything.



Download this tool to your desktop:
http://www.uploads.ejvindh.net/rootchk.exe
Run the program. After a short time a log file will turn up. Copy the contents of the log into the thread.

Notice: Some security programs prevent the creation of dummy drivers with certain names. This may cause false positives. If the log of rootchk contains a lot of hidden drivers, you may want to turn off your security programs while rootchk is scanning (you should then unhook your network connection as well).

*************************

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

1. Download this file - combofix.exe to your Desktop.
Note:
It is important that it is saved directly to your desktop

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post the ComboFix log and a fresh Hijackthis log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Wendy K. Walker


Posted 17 August 2007 - 12:43 AM

Hi SifuMike, Thanks for the reply.

OK I did the rootchk thing and then started to do the combofix thing but it seems to me as though something might not be right.

Every time I click on that thing my Home page and IE search bar gets changed and scrnsav.exe gets deleted. What's going on? Is that supposed to happen when I double click on the icon to start combofix?

So far I have denied all of the changes and shut down combofix. What is --> C:\windows\system32\ssmypics.scr <--? Is that something evil?

I have only let combofix run to the point where it says type 1 to continue or 2 to abort because I don't know if what's happening is supposed to happen or not.


Wendy

#6 SifuMike


Posted 17 August 2007 - 01:16 AM

Hi Wendy,

What is --> C:\windows\system32\ssmypics.scr <--? Is that something evil?

No, not something evil. It is for My Pictures Slideshow Screensaver.


OK I did the rootchk thing and then started to do the combofix thing but it seems to me as though something might not be right.


If you did the rootchk then please post the log.

Every time I click on that thing my Home page and IE search bar gets changed and scrnsav.exe gets deleted. What's going on? Is that supposed to happen when I double click on the icon to start combofix?


The scrnsave being referred to is not the physical file. It's a registry setting. ComboFix doesn't directly adjust it but it occurs when a system refresh is done.

You lost me.
What "thing" are you talking about? Rootchk or ComboFix? ComboFix will NOT change the home page, it will only remove malware entries.

Disable Teatimer while you are running ComboFix, as it will prevent any change to your registry.
To disable Spybot's Teatimer:

Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts

Be sure to enable Teatimer when you are done running ComboFix.

Edited by SifuMike, 17 August 2007 - 11:57 AM.


#7 Wendy K. Walker


Posted 17 August 2007 - 03:19 PM

Hi SifuMike, Thanks for the reply.


Thanks for the information on C:\windows\system32\ssmypics.scr, I wasn't sure what it was. OK so "Why" is it getting deleted every time that I click on the combofix icon?


--> You lost me. What "thing" are you talking about? Rootchk or ComboFix? ComboFix will NOT change the home page, it will only remove malware entries. <--

I was talking about combofix...every time that I click on its icon I get that series of three alerts saying that my Home page has been changed, that IE SearchBar has been changed, and that scrnsav.exe has been deleted.

And all of that happens before combofix ever gets loaded too. So I haven't actually run combofix yet. So is all of that supposed to happen like that? I'm asking because I have used combofix before and it didn't cause any alerts to be generated when I clicked on its icon.

Here's the rootchk log.

********************************* ROOTCHK-(15-08-07)-LOG, by ejvindh
2007-08-17 20:41:52.87

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 20:41:55
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0


Thanks,

Wendy

#8 SifuMike


Posted 17 August 2007 - 03:31 PM

I was talking about combofix...every time that I click on its icon I get that series of three alerts saying that my Home page has been changed, that IE SearchBar has been changed, and that scrnsav.exe has been deleted.



Alerts from what program? Is it from teatimer? Or is it from one of your antimalware programs? You need to disable Teatimer before you run ComboFix.
ComboFix does not change home pages and IE SearchBars, only removes malware.

Just go ahead and run ComboFix and post the log. Disable Teatimer before you run it and make sure you run a current version of ComboFix, as it is updated frequently.

Edited by SifuMike, 17 August 2007 - 05:29 PM.


#9 Wendy K. Walker


Posted 17 August 2007 - 09:50 PM

Hi SifuMike, Thanks for the reply.

I'm not doubting that combofix only removes malware but these are the alerts that I keep getting just as fast as I click on the combofix icon and the fact that they only pop up when I try to start combofix is worrying me.

SPYWAREGUARD Alert --> IE search bar has been changed; IE homepage has been changed

SpyBot Alerts --> Browser page Value deleted Search Bar; NT startup Value deleted load; Desktop settings Value deleted scrnsave.exe C:\WINDOWS\System32\ssmypics.scr

That's what I'm asking about. Why does that happen? Is that what's supposed to happen? or is something wrong? As for which combofix I have, I got rid of my old one and downloaded the one that you gave me the link to so I guess I have the latest one.

I'm sorry for being such a pain in the toochis about this but that stuff [what's happening when I start combofix] is worrying me.

Thanks,

Wendy

#10 SifuMike


Posted 17 August 2007 - 10:03 PM

I have told you several times to disable Spybot teatimer before running ComboFix. Why do you have it still active?

Disable SpywareGuard also.

Also, you should never have two registry protectors (Spybot Teatimer and SpywareGuard) running at the same time, as they will slow your computer. One is more than enough registry protection.

Edited by SifuMike, 17 August 2007 - 10:15 PM.


#11 Wendy K. Walker


Posted 18 August 2007 - 12:22 AM

Hi SifuMike, Thanks for the reply.

--> I have told you several times to disable Spybot teatimer before running ComboFix. Why do you have it still active? <-- well actually because you never answered my question about it.

That aside here's that log, and boy is it long too.

ComboFix 07-08-14.4 - "ADMIN" 2007-08-18 5:43:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 1:00]
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))


2007-08-17 05:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-17 00:02 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-16 00:02 <DIR> d-------- C:\Program Files\Vidalia Bundle
2007-08-15 23:58 <DIR> d-------- C:\Program Files\Vidalia
2007-08-15 23:48 <DIR> d-------- C:\DOCUME~1\ADMIN\APPLIC~1\Vidalia
2007-08-14 21:59 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-14 21:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-14 07:14 <DIR> d-------- C:\Program Files\TRANSLATOR
2007-08-09 05:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-08 05:05 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-08-08 05:05 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-08-08 05:05 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-08-08 05:05 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-08-08 05:05 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-08-08 05:05 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-08-08 05:05 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2007-08-08 05:05 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-08-08 05:05 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-08-08 05:05 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-08-08 05:05 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-08-08 05:04 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-08-08 05:04 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-08-08 05:04 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-08-08 05:04 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2007-08-08 05:04 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2007-08-08 05:04 7,556 --a--c--- C:\WINDOWS\system32\dllcache\usroslba.sys
2007-08-08 05:04 687,999 --a--c--- C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2007-08-08 05:04 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2007-08-08 05:04 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
2007-08-08 05:04 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-08-08 05:04 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-08-08 05:04 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2007-08-08 05:04 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-08-08 05:04 397,502 --a--c--- C:\WINDOWS\system32\dllcache\vpctcom.sys
2007-08-08 05:04 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2007-08-08 05:04 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-08-08 05:04 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2007-08-08 05:04 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-08-08 05:04 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-08-08 05:04 29,311 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2007-08-08 05:04 249,402 --a--c--- C:\WINDOWS\system32\dllcache\vinwm.sys
2007-08-08 05:04 24,576 --a--c--- C:\WINDOWS\system32\dllcache\viairda.sys
2007-08-08 05:04 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2007-08-08 05:04 19,551 --a--c--- C:\WINDOWS\system32\dllcache\watv02nt.sys
2007-08-08 05:04 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2007-08-08 05:04 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2007-08-08 05:04 16,925 --a--c--- C:\WINDOWS\system32\dllcache\w940nd.sys
2007-08-08 05:04 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-08-08 05:04 12,415 --a--c--- C:\WINDOWS\system32\dllcache\wadv01nt.sys
2007-08-08 05:04 12,127 --a--c--- C:\WINDOWS\system32\dllcache\wadv02nt.sys
2007-08-08 05:04 113,762 --a--c--- C:\WINDOWS\system32\dllcache\usrpda.sys
2007-08-08 05:04 11,775 --a--c--- C:\WINDOWS\system32\dllcache\wadv05nt.sys
2007-08-08 05:03 94,720 --a--c--- C:\WINDOWS\system32\dllcache\umaxud32.dll
2007-08-08 05:03 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2007-08-08 05:03 82,432 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2007-08-08 05:03 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2007-08-08 05:03 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-08-08 05:03 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2007-08-08 05:03 793,598 --a--c--- C:\WINDOWS\system32\dllcache\usr1806.sys
2007-08-08 05:03 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2007-08-08 05:03 69,632 --a--c--- C:\WINDOWS\system32\dllcache\umaxu12.dll
2007-08-08 05:03 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-08-08 05:03 53,760 --a--c--- C:\WINDOWS\system32\dllcache\sw_wheel.dll
2007-08-08 05:03 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-08-08 05:03 50,688 --a--c--- C:\WINDOWS\system32\dllcache\umaxscan.dll
2007-08-08 05:03 50,176 --a--c--- C:\WINDOWS\system32\dllcache\umaxp60.dll
2007-08-08 05:03 47,616 --a--c--- C:\WINDOWS\system32\dllcache\umaxcam.dll
2007-08-08 05:03 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2007-08-08 05:03 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
2007-08-08 05:03 41,472 --a--c--- C:\WINDOWS\system32\dllcache\sw_effct.dll
2007-08-08 05:03 4,992 --a--c--- C:\WINDOWS\system32\dllcache\toside.sys
2007-08-08 05:03 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2007-08-08 05:03 36,736 --a--c--- C:\WINDOWS\system32\dllcache\ultra.sys
2007-08-08 05:03 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2007-08-08 05:03 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
2007-08-08 05:03 32,640 --a--c--- C:\WINDOWS\system32\dllcache\symc8xx.sys
2007-08-08 05:03 32,384 --a--c--- C:\WINDOWS\system32\dllcache\usb101et.sys
2007-08-08 05:03 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2007-08-08 05:03 31,744 --a--c--- C:\WINDOWS\system32\dllcache\tp4.dll
2007-08-08 05:03 30,688 --a--c--- C:\WINDOWS\system32\dllcache\sym_u3.sys
2007-08-08 05:03 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2007-08-08 05:03 3,968 --a--c--- C:\WINDOWS\system32\dllcache\swusbflt.sys
2007-08-08 05:03 28,384 --a--c--- C:\WINDOWS\system32\dllcache\sym_hi.sys
2007-08-08 05:03 28,232 --a--c--- C:\WINDOWS\system32\dllcache\tos4mo.sys
2007-08-08 05:03 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-08-08 05:03 26,624 --a--c--- C:\WINDOWS\system32\dllcache\umaxu22.dll
2007-08-08 05:03 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2007-08-08 05:03 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2007-08-08 05:03 230,912 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd03.sys
2007-08-08 05:03 224,802 --a--c--- C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-08-08 05:03 222,336 --a--c--- C:\WINDOWS\system32\dllcache\trid3dm.sys
2007-08-08 05:03 22,912 --a--c--- C:\WINDOWS\system32\dllcache\umaxpcls.sys
2007-08-08 05:03 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2007-08-08 05:03 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2007-08-08 05:03 21,896 --a--c--- C:\WINDOWS\system32\dllcache\tdipx.sys
2007-08-08 05:03 19,464 --a--c--- C:\WINDOWS\system32\dllcache\tdspx.sys
2007-08-08 05:03 185,344 --a--c--- C:\WINDOWS\system32\dllcache\thawbrkr.dll
2007-08-08 05:03 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-08-08 05:03 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2007-08-08 05:03 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-18 03:52 --------- d-------- C:\DOCUME~1\ADMIN\APPLIC~1\tor
2007-08-14 09:21 --------- d-------- C:\Program Files\SpywareGuard
2007-08-14 09:21 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-12 10:57 --------- d-------- C:\Program Files\a-squared Free
2007-08-09 07:32 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-08-09 05:58 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-04 23:19 --------- d-------- C:\Program Files\TrueCrypt
2007-08-04 10:25 --------- d-------- C:\Program Files\ICQ
2007-08-02 11:22 --------- d-------- C:\DOCUME~1\ADMIN\APPLIC~1\SiteAdvisor
2007-07-27 23:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 23:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 23:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 23:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 22:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 22:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 22:57 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-22 23:18 --------- d-------- C:\Program Files\Jarte
2007-07-12 21:33 --------- d-------- C:\DOCUME~1\ADMIN\APPLIC~1\Yahoo!
2007-07-11 03:27 --------- d-------- C:\Program Files\IrfanView
2007-06-26 16:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 15:09 658944 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 07:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 14:31 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 03:05 --------- d-------- C:\Program Files\CAM Development
2007-06-19 02:12 --------- d-------- C:\Program Files\a-squared Anti-Dialer
2007-06-14 19:09 96256 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 19:09 615424 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 19:09 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 19:09 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 19:09 474112 --a--c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 19:09 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 19:09 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 19:09 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 19:09 3058688 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 19:09 251392 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 19:09 205312 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 19:09 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 19:09 151040 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 19:09 1494528 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 19:09 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 19:09 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 19:09 1023488 --a--c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 15:07 18432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 11:23 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-05-30 09:06 1269567 --a------ C:\Program Files\Savant31.exe
2007-05-30 08:31 2676 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-05-30 08:29 8972 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-05-29 19:26 4447744 --a------ C:\Program Files\apache_2.2.4-win32-x86-no_ssl.msi
2007-05-29 17:56 26407 --a------ C:\Program Files\cookieculler-1.3.1-fx+mz.xpi
2007-05-29 17:41 6566937 --a------ C:\Program Files\vidalia-bundle-0.1.2.14-0.0.11.exe
2007-05-29 16:53 812936 --a------ C:\Program Files\Google Updater.exe
2007-05-29 16:48 6820544 --a------ C:\Program Files\FirefoxGoogleToolbarSetup.exe
2007-05-29 16:07 2062665 --a------ C:\Program Files\spywareguardsetup.exe
2007-05-29 15:11 15055168 --a------ C:\Program Files\setupeng.exe
2007-05-29 14:40 40738456 --a------ C:\Program Files\zlsSetup_70_337_000_en.exe
2007-05-27 09:11 2181120 --------- C:\Program Files\def.iso
2007-05-27 08:54 140779520 --------- C:\Program Files\abc.iso
2005-12-15 12:03 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 13:18]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 16:42]
"a-squared Anti-Dialer"="C:\Program Files\a-squared Anti-Dialer\a2adguard.exe" [2007-06-19 02:12]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-07 03:26]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 13:00]
"CHotkey"="mHotkey.exe" [2002-07-23 20:09 C:\WINDOWS\mHotkey.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 03:04]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 21:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-02 08:23]

C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup\
1-Click Answers.lnk - C:\1-Click Answers\answers.exe [2007-06-04 03:27:48]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
1-Click Answers.lnk - C:\1-Click Answers\answers.exe [2007-06-04 03:27:48]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2007-05-31 20:05:16]
CallWave.lnk - C:\Program Files\CallWave\IAM.exe [2007-07-25 03:50:46]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-05-29 16:54:05]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-05-29 09:01:40]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2007-05-29 09:01:40]
Microsoft Works Calendar Reminders.lnk.disabled [2002-11-26 21:43:32]
Monitor Apache Servers.lnk.disabled [2007-05-29 19:30:19]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 15:30:54]
Savant Web Server.lnk.disabled [2007-05-30 10:05:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"S3TRAY2"=S3tray2.exe
"tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper

R2 a2AntiDialer;a-squared Anti-Dialer Service;C:\Program Files\a-squared Anti-Dialer\a2service.exe
R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 SABProcEnum;SABProcEnum;\??\C:\Program Files\Internet Explorer\SABProcEnum.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 05:47:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-18 5:52:08

--- E O F ---

#12 SifuMike


Posted 18 August 2007 - 02:01 PM

Hi Wendy,

Your ComboFix log looks clean. I see no malware on this computer.

Are you currently having any problems?

#13 Wendy K. Walker


Posted 18 August 2007 - 04:56 PM

Hi SifuMike, Thanks for the reply.

Well yeah two for sure, my PC seems to have gotten even slower when it comes to opening a browser now than it had been before. It doesn't matter if it's IE or FF, both of those suckers are still taking well over a minute to open, and at times they take so long to go anywhere that it's like they're stuck and I'll have to stop them and click on the refresh button to get them to load, and it doesn't seem to matter if I only have one browser open at the time or ten.

That BitDefender thing seems to have brought a new problem with it when I downloaded it. For some reason it caused an extra IE icon to appear on my desktop when I saved that log as HTML like you told me to do.

But that's not the bad part...the bad part came later when I had several browsers open doing some research and had noticed that extra Icon and deleted it from my desktop. I just politely closed all of the browsers that I had open at the time.

Then about an hour later it was back again. I deleted it again and again it closed all of the browsers that I had open. Then a couple of hours later it's back yet again. This time I made sure that I had all of my work out of the way and deleted it again, and it closed all of my open IE browsers again too.

So far it hasn't popped back up today but I haven't restarted my PC yet today either so I don't know if it'll come back again or not. I'll let you know if it does once I restart my machine.

Hey, and that combofix thing did steal my screen saver settings too. I had to manually reset it today.

Thanks again for your help.

Wendy

#14 SifuMike


Posted 18 August 2007 - 05:23 PM

Hi Wendy,

Your slowness is not caused by malware, so my guess it is caused by all of the running processes you have, lack of RAM or the applications themselves.

You are still using the old IE6 browser, so I recommend you upgrade to the IE7. It is far more secure than IE6.

How much RAM (memory) do you have on this computer?
To find out how much RAM is in your computer:
Click on the Start button.
Select Control Panel.
Select System.
Choose the General tab.
The amount of RAM will be listed near the bottom of the window.



Let's look in a different place for signs.

Open HijackThis
Go to 'config'
Go to 'misc tools'
Press the button 'open uninstall manager'
Press 'save list'
A notepad file will open.
Post the content here in your reply.
Close HijackThis.

Let's see a fresh HijackThis log so I can see what processes you don't need.

Edited by SifuMike, 18 August 2007 - 05:44 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 Wendy K. Walker


Posted 19 August 2007 - 12:15 AM

Hi SifuMike, Thanks for your continuing help here.

I'm not too sure just what is causing the slowness but it has kind of been a come and go problem for a long time now. Actually this latest round of slowness seems to coincide with AT & T's take over of my ISP...BellSouth.

I was cruising along just fine until I got a notice along with my DSL bill telling me that I would triple my browsing speed by turning off my DSL modem after a certain date, thus allowing it to reset itself, and then turning it back on after a certain date.

Curses...and a pox on AT&T!

I do have a bunch of things running that I don't actually need because one of the instructions at the start of this thing is to make sure that you don't have anything disabled when you get started.

But my slowness was there while I had a lot of those processes turned off, so I don't know if they are my problem or not. I would be grateful if you could tell me what I can safely turn off though.

I don't think it is a RAM issue either as this latest round of slowness didn't start until well after I had added a gob of RAM to my system. My RAM is currently 736 MB.

Thanks for the recommendation on the IE7 but I tried that awhile back and it almost drove me nuts so I went back to IE6.

OK here's the uninstall log followed by another HJT log.


Adobe Reader 8.1.0
a-squared Anti-Dialer 2.1
a-squared Free 3.0
avast! Antivirus
AVG Anti-Spyware 7.5
AxCrypt (Remove Only)
CallWave
CAM UnZip 4.42
CCleaner (remove only)
getPlus®_ocx
HijackThis 1.99.1
ieSpell
IrfanView (remove only)
Jarte
Java™ 6 Update 2
Java™ SE Runtime Environment 6
McAfee SiteAdvisor
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB936181)
Privoxy 3.0.6
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
SUPERAntiSpyware Free Edition
Tor 0.1.2.16
Undelete Plus 2.83
Update for Windows XP (KB938828)
Vidalia 0.0.13
Yahoo! Messenger



I notice that one of my Adobe installations isn't showing up on that list. I just got through updating to the one that is on that list and I don't know how to get rid of the old one as it isn't in the add/remove programs thing. I also see two Java's on that list. I need to get rid of one of those too but here again I don't know how.

I'm also told that I need to update WinAMP, is that really necessary if I never use that thing?

Here's the HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 5:57:48 AM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\a-squared Anti-Dialer\a2adguard.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\1-Click Answers\answers.exe
C:\1-CLIC~1\agtserv.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\ADMIN\Desktop\idblasterplus.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=lacalhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost, 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - Startup: 1-Click Answers.lnk = C:\1-Click Answers\answers.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\1-Click Answers\answers.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
O4 - Global Startup: Monitor Apache Servers.lnk.disabled
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O4 - Global Startup: Savant Web Server.lnk.disabled
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Thanks again for your help.

Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.
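
An added example, not part of the thread and not code from HijackThis: a short Python triage pass over HijackThis 1.99.1 log lines like the ones posted above. It groups entries by section code, lists the entries the log marks `(file missing)` or `(no file)`, and splits the `ProxyServer` value into per-protocol endpoints so that any host that is not a loopback name stands out. The sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above (a subset of it).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=lacalhost:9050
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O23 - <body>"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_entries(text):
    """Group log entries by HijackThis section code (R1, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and running-process lines carry no section code
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def orphaned(sections):
    """Entries whose target file the log reports as absent."""
    return [(code, body) for code, bodies in sections.items() for body in bodies
            if body.endswith(("(file missing)", "(no file)"))]

def proxy_endpoints(sections):
    """Split the IE ProxyServer value into {protocol: (host, port)}."""
    out = {}
    for body in sections.get("R1", []):
        key, _, value = body.partition(" = ")
        if not key.endswith(",ProxyServer"):
            continue
        for part in filter(None, value.split(";")):
            proto, sep, hostport = part.partition("=")
            if not sep:  # bare "host:port" applies to every protocol
                proto, hostport = "all", part
            host, colon, port = hostport.rpartition(":")
            out[proto] = (host, int(port)) if colon else (hostport, None)
    return out

def non_loopback_proxies(endpoints):
    """Protocols whose proxy host is not a loopback name: review these first."""
    return {p: hp for p, hp in endpoints.items() if hp[0].lower() not in LOOPBACK}

if __name__ == "__main__":
    secs = parse_entries(SAMPLE_LOG)
    for code, body in orphaned(secs):
        print("orphaned:", code, body)
    print("proxy review:", non_loopback_proxies(proxy_endpoints(secs)))
```

Run against a full saved log by passing the file's text to `parse_entries` instead of `SAMPLE_LOG`.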



