Help New Combo Fix And Hijack This Logs


This topic is locked
10 replies to this topic

#1 L A Slim

  • Members
  • 33 posts

Posted 30 August 2007 - 02:42 PM

A continuation of my August 13th problem. Waited a couple of days but saw no reply, but never checked back. Still having the same problem, so did what was asked. See logs below. Still having the same problems with hanging windows, windows that freeze, popups, etc., etc. Up to 58 processes running at any one time, and Stopzilla found 52 problems, and that was only after 30% completed after an hour of running.

ComboFix 07-08-30.3 - "Owner" 2007-08-30 12:43:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.56 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\ecurit~1
C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\macromedia\Flash Player\#SharedObjects\XN2WAV8K\www.broadcaster.com
C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\racle~1
C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\WinTouch
C:\DOCUME~1\OWNER~1.GRE\STARTM~1\Programs\Startup\think-adz.lnk
C:\Program Files\svhost
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\tempchk
C:\WINDOWS\system32\V1
C:\WINDOWS\system32\win
C:\WINDOWS\system32\Z1


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))


2007-08-30 12:31 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-30 10:24 <DIR> d-------- C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\Motive
2007-08-30 10:22 <DIR> d-------- C:\Program Files\STOPzilla!
2007-08-30 10:22 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-08-30 10:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\STOPzilla!
2007-08-30 10:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Motive
2007-08-30 10:13 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-08-30 09:58 26,787 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\vetmonnt.sys
2007-08-28 19:59 14 --a------ C:\WINDOWS\inet_token_.dll
2007-08-28 19:56 <DIR> d-------- C:\Program Files\Auction Alert
2007-08-25 21:20 <DIR> d-------- C:\Program Files\Flickr Uploadr
2007-08-14 17:10 225,280 -ra------ C:\WINDOWS\SYSTEM32\SZBase5.dll
2007-08-13 16:18 <DIR> dr-h----- C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\yahoo!
2007-08-13 10:36 6,421 --ahs---- C:\WINDOWS\SYSTEM32\prqss.bak1
2007-08-13 09:12 6,421 --ahs---- C:\WINDOWS\SYSTEM32\ybeeg.bak1
2007-08-13 07:35 6,421 --ahs---- C:\WINDOWS\SYSTEM32\ststv.bak1
2007-08-12 21:40 52,752 --a------ C:\WINDOWS\SYSTEM32\mpdsrngo.exe
2007-08-12 21:13 6,421 --ahs---- C:\WINDOWS\SYSTEM32\jjkkj.bak1
2007-08-12 21:07 <DIR> d--hs---- C:\WINDOWS\TWljaGFlbCBQb3VsaW4
2007-08-12 21:07 <DIR> d-------- C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\NetMon
2007-08-09 18:20 28,928 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\SZKG.sys
2007-08-07 13:30 372,736 -ra------ C:\WINDOWS\SYSTEM32\IS3UI5.dll
2007-08-07 13:30 294,912 -ra------ C:\WINDOWS\SYSTEM32\IS3DBA5.dll
2007-08-07 13:30 126,976 -ra------ C:\WINDOWS\SYSTEM32\IS3HTUI5.dll
2007-08-07 13:29 69,632 -ra------ C:\WINDOWS\SYSTEM32\IS3Hks5.dll
2007-08-07 13:29 23,040 -ra------ C:\WINDOWS\SYSTEM32\IS3XDat5.dll
2007-08-07 13:29 184,320 -ra------ C:\WINDOWS\SYSTEM32\IS3Win325.dll
2007-08-07 13:28 94,208 -ra------ C:\WINDOWS\SYSTEM32\IS3Inet5.dll
2007-08-07 13:28 90,112 -ra------ C:\WINDOWS\SYSTEM32\IS3Svc5.dll
2007-08-07 13:28 688,128 -ra------ C:\WINDOWS\SYSTEM32\IS3Base5.dll
2007-07-26 23:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero
2007-07-26 19:58 1,733,461 --ahs---- C:\WINDOWS\SYSTEM32\nqstv.bak2
2007-07-26 07:57 6,467 --ahs---- C:\WINDOWS\SYSTEM32\nqstv.bak1
2007-07-18 00:02 <DIR> d-------- C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\Nero
2007-07-17 23:37 <DIR> d-------- C:\Program Files\Nero(2)
2007-07-17 12:21 <DIR> d-------- C:\Program Files\DVD Flick
2007-07-17 12:21 <DIR> d-------- C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\DVD Flick
2007-07-17 12:20 <DIR> d-------- C:\Program Files\dvdflick_src_1.2.1.4
2007-07-04 13:26 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-04 13:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 10:44 1024 --a------ C:\WINDOWS\system32\drivers\3524CB77-BC8B-4118-949C-A12E20CA5BAD.cxv
2007-08-30 10:32 8192 --a------ C:\WINDOWS\system32\drivers\78AAB902-0040-46F7-BF65-6C63022BBF81.cxv
2007-08-30 10:20 --------- d-------- C:\Program Files\Verizon
2007-08-30 09:58 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo!
2007-08-30 09:57 879832 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-08-30 09:57 74864 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-08-30 09:57 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-08-30 09:57 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-08-30 09:57 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-08-30 09:57 115824 --a------ C:\WINDOWS\UnVet32.exe
2007-08-30 09:57 111728 --a------ C:\WINDOWS\AVShlExt.dll
2007-08-30 09:57 108360 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-08-30 00:25 --------- d-------- C:\Program Files\Yahoo!
2007-08-20 20:40 --------- d-------- C:\Program Files\Soulseek
2007-08-13 14:30 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo! Companion
2007-08-13 13:46 879832 --a------ C:\WINDOWS\system32\drivers\VetEFile.1
2007-08-13 13:46 26787 --a------ C:\WINDOWS\system32\drivers\VetMonNT.1
2007-08-13 13:46 108360 --a------ C:\WINDOWS\system32\drivers\VetEBoot.1
2007-08-13 13:45 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.1
2007-08-13 13:45 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.1
2007-08-13 13:45 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.1
2007-08-12 06:01 --------- d-------- C:\Program Files\Microsoft Works
2007-07-31 06:58 --------- d-------- C:\Program Files\PeerGuardian2
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 23:59 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-26 23:58 --------- d-------- C:\Program Files\Ahead
2007-07-18 00:04 --------- d-------- C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\Ahead
2007-07-17 12:19 2627362 --------- C:\Program Files\dvdflick_src_1.2.1.4.zip
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-05-30 15:21 180351392 --------- C:\Program Files\Nero-7.9.6.0_eng_trial.exe
2007-05-17 13:31 41461 --------- C:\Program Files\youtube_plugin-0.9.5.zip
2007-05-12 11:18 5671965 --------- C:\Program Files\gtk+-2.10.6-1-setup.zip
2007-05-12 11:09 7868424 --------- C:\Program Files\gimp-2.2.14-i586-setup-1.exe
2007-04-03 09:46 1488755 --------- C:\Program Files\CM201.exe
2007-03-29 21:40 1488755 --------- C:\Program Files\CM201E.exe
2007-03-29 21:33 1471706 --------- C:\Program Files\CM251E.exe
2007-03-29 21:29 9017092 --------- C:\Program Files\CM42_WIN_ENU_UP.exe
2007-02-08 12:21 14705768 --------- C:\Program Files\DivXInstaller.exe
2007-01-10 16:13 9282056 --------- C:\Program Files\TU2006TrialEN.exe
2007-01-01 22:33 550667 --------- C:\Program Files\dBpowerAMP-codec-flac.exe
2007-01-01 22:33 2167119 --------- C:\Program Files\dMC-r11[1].5.exe
2006-12-02 12:36 1094021 --------- C:\Program Files\dvdshrink32setup1.zip
2006-12-02 12:31 899414 --------- C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
2006-12-02 12:16 15788438 --------- C:\Program Files\DVD-XCopy-Platinum-with-Crack.rar
2006-11-13 11:21 882489 --------- C:\Program Files\pg2-050918-nt.exe
2006-11-13 11:02 7205986 --------- C:\Program Files\level1.gz
2006-11-13 10:47 131812 --------- C:\Program Files\listdrop-1.0-nt.zip
2006-11-12 01:32 5585184 --------- C:\Program Files\SUPERAntiSpyware.exe
2006-10-04 02:06 302680 --------- C:\Program Files\ac3filter_0_70b.exe
2006-09-24 21:11 39957 --------- C:\Program Files\EvID4226Patch223d-en.zip
2006-09-23 19:21 643711 --------- C:\Program Files\XviD-1.1.0-30122005.exe
2006-09-23 19:03 582761 --------- C:\Program Files\divx_311alpha.exe
2006-09-23 18:52 1127732 --------- C:\Program Files\videoinspector.exe
2006-09-22 00:09 3406221 --------- C:\Program Files\tcmp4.exe
2006-09-08 11:23 439296 --a------ C:\DOCUME~1\OWNER~1.GRE\remote.exe
2006-09-05 21:16 22083376 --a------ C:\Program Files\QuickTimeInstaller.exe
2006-08-27 00:21 501363 --a------ C:\Program Files\QuickPar-0.9.1.0.exe
2006-08-26 23:54 1267103 --a------ C:\Program Files\GrabIt162b.exe
2006-08-20 17:46 25760213 --a------ C:\Program Files\SUPERsetup.exe
2006-08-20 16:45 1181812 --a------ C:\Program Files\flvplayer_setup.exe
2006-08-20 16:43 8823312 --a------ C:\Program Files\RCSetup.exe
2006-08-20 16:14 4001792 --a------ C:\Program Files\Opera_9.01_Classic_Setup.exe
2006-08-15 21:07 1014477 --a------ C:\Program Files\wrar351.exe
2006-08-13 13:09 2327233 --a------ C:\Program Files\audacity-win-1.2.4b.exe
2006-08-13 13:07 614943 --a------ C:\Program Files\lame-3.96.1.zip
2006-08-09 17:57 13526432 --a------ C:\Program Files\RealPlayer10-5GOLD_rs.exe
2006-07-16 19:50 1244237 --a------ C:\Program Files\extramame.zip
2003-10-01 19:49 707 --a------ C:\Program Files\RealOne Player.lnk
2005-05-14 00:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 18:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 04:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-08 02:14:52 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 20:31:20 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 23:32:28 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 18:24:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 21:16:22 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A771E4D4-4B32-415C-78A8-F06FAA019985}]
C:\Program Files\ComPlus Applications\quka.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 00:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 00:07]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-08 15:42]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-09 17:58]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 18:33]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-08-30 09:57]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-08-30 09:57]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-06-16 23:30]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-25 13:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2006-10-18 12:36]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2006-08-01 21:58:54]

C:\DOCUME~1\MARIAP~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\MICHAE~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-09-28 13:22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 11:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
"RtWLan"=C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe /H

R0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
R2 CDRPDACC;Arrowkey Device Access;\??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 OlCamudp;OLYMPUS Digital Camera;C:\WINDOWS\system32\Drivers\olcamudp.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-08-25 00:15:01 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
2007-08-30 20:10:57 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A9536910-0800-4315-AA78-14FE7C17563F}.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 13:12:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-30 13:19:15
C:\ComboFix-quarantined-files.txt ... 2007-08-30 13:19

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 1:23:41 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\YTBSDK.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {A771E4D4-4B32-415C-78A8-F06FAA019985} - C:\Program Files\ComPlus Applications\quka.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03bf66e303aee3...ip/RdxIE601.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Edited by L A Slim, 30 August 2007 - 03:27 PM.



#2 SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 30 August 2007 - 06:00 PM

Hello L A Slim,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of  Java Runtime Environment (JRE) 6 Update 2.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 2".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
*******************************************

Download CCleaner and install it. (default location is best). Do not download the Beta version 2.0. Do not run it yet!

CCleaner Tutorial

*******************************************

Select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O2 - BHO: (no name) - {A771E4D4-4B32-415C-78A8-F06FAA019985} - C:\Program Files\ComPlus Applications\quka.dll (file missing)

*******************************************




Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\SYSTEM32\prqss.bak1
C:\WINDOWS\SYSTEM32\ybeeg.bak1
C:\WINDOWS\SYSTEM32\ststv.bak1
C:\WINDOWS\SYSTEM32\mpdsrngo.exe
C:\WINDOWS\SYSTEM32\jjkkj.bak1
C:\WINDOWS\SYSTEM32\nqstv.bak2
C:\WINDOWS\SYSTEM32\nqstv.bak1




Save this as txt file CFScript and save it to your desktop.


Then drag the CFScript into ComboFix.exe as you see in the screenshot below.


[screenshot: dragging CFScript onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Reboot your computer.

You will need to use Internet Explorer for this scan.

Disable your antivirus program and go here to run BitDefender Online Scan.
Click on I Agree.
Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.

When the ActiveX Control has loaded, click on "Click here to scan".
Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.

NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.


When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

*******************************************

Post the contents of Combofix.txt, the BitDefender log, a new Hijackthis log, and tell me how your computer is running.

Edited by SifuMike, 30 August 2007 - 06:14 PM.

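As an added example (not a tool from this thread, from BleepingComputer, or from ComboFix's author), the script below applies in code the checks a helper like SifuMike makes by eye on the "Files Created" section of the ComboFix log posted above, and then drafts the CFScript block of the kind pasted into ComboFix in the reply above. The checks: hidden+system attributes on something freshly created under WINDOWS (the .bak1/.bak2 files), several randomly named files of one exact size in one directory (the four 6,421-byte files), a directory name that is really base64 for readable text (C:\WINDOWS\TWljaGFlbCBQb3VsaW4), and anything created in the same directory within the hour of a hit (which is how mpdsrngo.exe, 27 minutes after jjkkj.bak1, gets picked up). The sample lines are copied from the first log in the thread; the 60-minute window and the three-files-of-one-size threshold are this example's own assumptions, and ComboFix's Folder:: directive for directories is not shown in the thread (the helper used only File::).

```python
import base64
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# Lines copied from the first ComboFix log above (a subset), keeping two benign
# entries (nircmd.exe, UMDF) that the heuristics must leave alone.
COMBOFIX_SAMPLE = r"""
2007-08-30 12:31 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 17:10 225,280 -ra------ C:\WINDOWS\SYSTEM32\SZBase5.dll
2007-08-13 10:36 6,421 --ahs---- C:\WINDOWS\SYSTEM32\prqss.bak1
2007-08-13 09:12 6,421 --ahs---- C:\WINDOWS\SYSTEM32\ybeeg.bak1
2007-08-13 07:35 6,421 --ahs---- C:\WINDOWS\SYSTEM32\ststv.bak1
2007-08-12 21:40 52,752 --a------ C:\WINDOWS\SYSTEM32\mpdsrngo.exe
2007-08-12 21:13 6,421 --ahs---- C:\WINDOWS\SYSTEM32\jjkkj.bak1
2007-08-12 21:07 <DIR> d--hs---- C:\WINDOWS\TWljaGFlbCBQb3VsaW4
2007-07-26 19:58 1,733,461 --ahs---- C:\WINDOWS\SYSTEM32\nqstv.bak2
2007-07-04 13:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
"""

class Entry(NamedTuple):
    when: datetime
    is_dir: bool
    size: int   # 0 for directories
    attrs: str  # ComboFix's nine-character attribute field, e.g. --ahs----
    path: str

# "date time size|<DIR> attrs path": the shape of 'Files Created' lines only
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(<DIR>|[\d,]+)\s+([-a-z]{9})\s+(.+)$")

def parse_combofix(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blanks, Find3M lines with a dashed size field
        when, size, attrs, path = m.groups()
        is_dir = size == "<DIR>"
        entries.append(Entry(datetime.strptime(when, "%Y-%m-%d %H:%M"), is_dir,
                             0 if is_dir else int(size.replace(",", "")), attrs, path))
    return entries

def folder(path: str) -> str:
    return ntpath.normcase(ntpath.dirname(path))  # case-folded parent directory

def looks_like_base64_text(name: str) -> bool:
    """True when NAME is base64 that decodes to printable ASCII text."""
    if len(name) < 8 or len(name) % 4 == 1 or not re.fullmatch(r"[A-Za-z0-9+/]+", name):
        return False
    try:
        raw = base64.b64decode(name + "=" * (-len(name) % 4), validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return False
    return bool(raw) and all(32 <= b < 127 for b in raw)

def flag_entries(entries: List[Entry], window_min: int = 60, cluster_min: int = 3) -> Dict[str, List[str]]:
    """Map path -> reasons. Both thresholds are this example's own assumptions."""
    reasons: Dict[str, List[str]] = defaultdict(list)
    by_size: Dict[tuple, List[str]] = defaultdict(list)  # (dir, size) -> file paths
    for e in entries:
        if not e.is_dir:
            by_size[(folder(e.path), e.size)].append(e.path)
    for e in entries:
        # 1. hidden+system on something newly created under WINDOWS
        if "h" in e.attrs and "s" in e.attrs and ntpath.normcase(e.path).startswith(r"c:\windows"):
            reasons[e.path].append("hidden+system attributes under WINDOWS")
        # 2. several differently named files of one exact size in one directory
        twins = by_size[(folder(e.path), e.size)] if not e.is_dir else []
        if len(twins) >= cluster_min:
            reasons[e.path].append(f"{len(twins)} files of identical size {e.size}")
        # 3. a name that is really base64 for readable text
        if looks_like_base64_text(ntpath.basename(e.path)):
            reasons[e.path].append("name is base64-encoded text")
    # 4. guilt by association: created in the same directory within the window of a hit
    primary = [e for e in entries if e.path in reasons]
    for e in entries:
        for p in primary:
            if (e.path not in reasons and folder(e.path) == folder(p.path)
                    and abs(e.when - p.when) <= timedelta(minutes=window_min)):
                reasons[e.path].append(f"created within {window_min} min of flagged {ntpath.basename(p.path)}")
    return dict(reasons)

def build_cfscript(entries: List[Entry], reasons: Dict[str, List[str]]) -> str:
    """Draft CFScript text: File:: for flagged files, Folder:: for flagged directories."""
    hits = [e for e in entries if e.path in reasons]
    blocks = [label + "\n" + "\n".join(e.path for e in hits if e.is_dir == want_dir)
              for label, want_dir in (("File::", False), ("Folder::", True))
              if any(e.is_dir == want_dir for e in hits)]
    return "\n\n".join(blocks) + "\n"

if __name__ == "__main__":
    ents = parse_combofix(COMBOFIX_SAMPLE)
    why = flag_entries(ents)
    for path, rs in why.items():
        print(path, "<-", "; ".join(rs))
    print("\n--- CFScript.txt draft, review before use ---\n" + build_cfscript(ents, why))
```

The output is a candidate list for a human to review, not something to feed straight into ComboFix: the heuristics are deliberately loose so that nothing in a cluster is missed, and a clean XP box also has hidden+system files under WINDOWS. C:\WINDOWS\nircmd.exe is a good reminder of that: it was created at 12:31, the minute the first ComboFix run started, because it is the NirCmd helper ComboFix itself drops, so a looser rule than the one above would have listed it for deletion.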

#3 L A Slim

  • Topic Starter

  • Members
  • 33 posts

Posted 31 August 2007 - 12:31 PM

Thanks for the help. Much appreciated. Still having a problem with windows freezing though the computer is indeed faster. Here are all the new reports...

ComboFix 07-08-30.3 - "Owner" 2007-08-30 23:41:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.66 [GMT -7:00]
Command switches used :: C:\Documents and Settings\Owner.GRENDEL\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\SYSTEM32\prqss.bak1
C:\WINDOWS\SYSTEM32\ybeeg.bak1
C:\WINDOWS\SYSTEM32\ststv.bak1
C:\WINDOWS\SYSTEM32\mpdsrngo.exe
C:\WINDOWS\SYSTEM32\jjkkj.bak1
C:\WINDOWS\SYSTEM32\nqstv.bak2
C:\WINDOWS\SYSTEM32\nqstv.bak1


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\SYSTEM32\jjkkj.bak1
C:\WINDOWS\SYSTEM32\mpdsrngo.exe
C:\WINDOWS\SYSTEM32\nqstv.bak1
C:\WINDOWS\SYSTEM32\nqstv.bak2
C:\WINDOWS\SYSTEM32\prqss.bak1
C:\WINDOWS\SYSTEM32\ststv.bak1
C:\WINDOWS\SYSTEM32\ybeeg.bak1


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


2007-08-30 12:31 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-30 10:24 <DIR> d-------- C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\Motive
2007-08-30 10:22 <DIR> d-------- C:\Program Files\STOPzilla!
2007-08-30 10:22 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-08-30 10:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\STOPzilla!
2007-08-30 10:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Motive
2007-08-30 10:13 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-08-30 09:58 26,787 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\vetmonnt.sys
2007-08-28 19:59 14 --a------ C:\WINDOWS\inet_token_.dll
2007-08-28 19:56 <DIR> d-------- C:\Program Files\Auction Alert
2007-08-25 21:20 <DIR> d-------- C:\Program Files\Flickr Uploadr
2007-08-14 17:10 225,280 -ra------ C:\WINDOWS\SYSTEM32\SZBase5.dll
2007-08-13 16:18 <DIR> dr-h----- C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\yahoo!
2007-08-12 21:07 <DIR> d--hs---- C:\WINDOWS\TWljaGFlbCBQb3VsaW4
2007-08-12 21:07 <DIR> d-------- C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\NetMon
2007-08-09 18:20 28,928 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\SZKG.sys
2007-08-07 13:30 372,736 -ra------ C:\WINDOWS\SYSTEM32\IS3UI5.dll
2007-08-07 13:30 294,912 -ra------ C:\WINDOWS\SYSTEM32\IS3DBA5.dll
2007-08-07 13:30 126,976 -ra------ C:\WINDOWS\SYSTEM32\IS3HTUI5.dll
2007-08-07 13:29 69,632 -ra------ C:\WINDOWS\SYSTEM32\IS3Hks5.dll
2007-08-07 13:29 23,040 -ra------ C:\WINDOWS\SYSTEM32\IS3XDat5.dll
2007-08-07 13:29 184,320 -ra------ C:\WINDOWS\SYSTEM32\IS3Win325.dll
2007-08-07 13:28 94,208 -ra------ C:\WINDOWS\SYSTEM32\IS3Inet5.dll
2007-08-07 13:28 90,112 -ra------ C:\WINDOWS\SYSTEM32\IS3Svc5.dll
2007-08-07 13:28 688,128 -ra------ C:\WINDOWS\SYSTEM32\IS3Base5.dll
2007-07-26 23:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero
2007-07-18 00:02 <DIR> d-------- C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\Nero
2007-07-17 23:37 <DIR> d-------- C:\Program Files\Nero(2)
2007-07-17 12:21 <DIR> d-------- C:\Program Files\DVD Flick
2007-07-17 12:21 <DIR> d-------- C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\DVD Flick
2007-07-17 12:20 <DIR> d-------- C:\Program Files\dvdflick_src_1.2.1.4
2007-07-04 13:26 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-04 13:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 10:44 1024 --a------ C:\WINDOWS\system32\drivers\3524CB77-BC8B-4118-949C-A12E20CA5BAD.cxv
2007-08-30 10:32 8192 --a------ C:\WINDOWS\system32\drivers\78AAB902-0040-46F7-BF65-6C63022BBF81.cxv
2007-08-30 10:20 --------- d-------- C:\Program Files\Verizon
2007-08-30 09:58 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo!
2007-08-30 09:57 879832 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-08-30 09:57 74864 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-08-30 09:57 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-08-30 09:57 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-08-30 09:57 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-08-30 09:57 115824 --a------ C:\WINDOWS\UnVet32.exe
2007-08-30 09:57 111728 --a------ C:\WINDOWS\AVShlExt.dll
2007-08-30 09:57 108360 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-08-30 00:25 --------- d-------- C:\Program Files\Yahoo!
2007-08-20 20:40 --------- d-------- C:\Program Files\Soulseek
2007-08-13 14:30 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo! Companion
2007-08-13 13:46 879832 --a------ C:\WINDOWS\system32\drivers\VetEFile.1
2007-08-13 13:46 26787 --a------ C:\WINDOWS\system32\drivers\VetMonNT.1
2007-08-13 13:46 108360 --a------ C:\WINDOWS\system32\drivers\VetEBoot.1
2007-08-13 13:45 21031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.1
2007-08-13 13:45 15735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.1
2007-08-13 13:45 15478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.1
2007-08-12 06:01 --------- d-------- C:\Program Files\Microsoft Works
2007-07-31 06:58 --------- d-------- C:\Program Files\PeerGuardian2
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 23:59 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-26 23:58 --------- d-------- C:\Program Files\Ahead
2007-07-18 00:04 --------- d-------- C:\DOCUME~1\OWNER~1.GRE\APPLIC~1\Ahead
2007-07-17 12:19 2627362 --------- C:\Program Files\dvdflick_src_1.2.1.4.zip
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-05-30 15:21 180351392 --------- C:\Program Files\Nero-7.9.6.0_eng_trial.exe
2007-05-17 13:31 41461 --------- C:\Program Files\youtube_plugin-0.9.5.zip
2007-05-12 11:18 5671965 --------- C:\Program Files\gtk+-2.10.6-1-setup.zip
2007-05-12 11:09 7868424 --------- C:\Program Files\gimp-2.2.14-i586-setup-1.exe
2007-04-03 09:46 1488755 --------- C:\Program Files\CM201.exe
2007-03-29 21:40 1488755 --------- C:\Program Files\CM201E.exe
2007-03-29 21:33 1471706 --------- C:\Program Files\CM251E.exe
2007-03-29 21:29 9017092 --------- C:\Program Files\CM42_WIN_ENU_UP.exe
2007-02-08 12:21 14705768 --------- C:\Program Files\DivXInstaller.exe
2007-01-10 16:13 9282056 --------- C:\Program Files\TU2006TrialEN.exe
2007-01-01 22:33 550667 --------- C:\Program Files\dBpowerAMP-codec-flac.exe
2007-01-01 22:33 2167119 --------- C:\Program Files\dMC-r11[1].5.exe
2006-12-02 12:36 1094021 --------- C:\Program Files\dvdshrink32setup1.zip
2006-12-02 12:31 899414 --------- C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
2006-12-02 12:16 15788438 --------- C:\Program Files\DVD-XCopy-Platinum-with-Crack.rar
2006-11-13 11:21 882489 --------- C:\Program Files\pg2-050918-nt.exe
2006-11-13 11:02 7205986 --------- C:\Program Files\level1.gz
2006-11-13 10:47 131812 --------- C:\Program Files\listdrop-1.0-nt.zip
2006-11-12 01:32 5585184 --------- C:\Program Files\SUPERAntiSpyware.exe
2006-10-04 02:06 302680 --------- C:\Program Files\ac3filter_0_70b.exe
2006-09-24 21:11 39957 --------- C:\Program Files\EvID4226Patch223d-en.zip
2006-09-23 19:21 643711 --------- C:\Program Files\XviD-1.1.0-30122005.exe
2006-09-23 19:03 582761 --------- C:\Program Files\divx_311alpha.exe
2006-09-23 18:52 1127732 --------- C:\Program Files\videoinspector.exe
2006-09-22 00:09 3406221 --------- C:\Program Files\tcmp4.exe
2006-09-08 11:23 439296 --a------ C:\DOCUME~1\OWNER~1.GRE\remote.exe
2006-09-05 21:16 22083376 --a------ C:\Program Files\QuickTimeInstaller.exe
2006-08-27 00:21 501363 --a------ C:\Program Files\QuickPar-0.9.1.0.exe
2006-08-26 23:54 1267103 --a------ C:\Program Files\GrabIt162b.exe
2006-08-20 17:46 25760213 --a------ C:\Program Files\SUPERsetup.exe
2006-08-20 16:45 1181812 --a------ C:\Program Files\flvplayer_setup.exe
2006-08-20 16:43 8823312 --a------ C:\Program Files\RCSetup.exe
2006-08-20 16:14 4001792 --a------ C:\Program Files\Opera_9.01_Classic_Setup.exe
2006-08-15 21:07 1014477 --a------ C:\Program Files\wrar351.exe
2006-08-13 13:09 2327233 --a------ C:\Program Files\audacity-win-1.2.4b.exe
2006-08-13 13:07 614943 --a------ C:\Program Files\lame-3.96.1.zip
2006-08-09 17:57 13526432 --a------ C:\Program Files\RealPlayer10-5GOLD_rs.exe
2006-07-16 19:50 1244237 --a------ C:\Program Files\extramame.zip
2003-10-01 19:49 707 --a------ C:\Program Files\RealOne Player.lnk
2005-05-14 00:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 18:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 04:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-08 02:14:52 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll
2005-07-14 20:31:20 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll
2005-06-26 23:32:28 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll
2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
2006-04-27 18:24:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll
2005-02-28 21:16:22 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll


((((((((((((((((((((((((((((( snapshot_2007-08-30_131630.28 )))))))))))))))))))))))))))))))))))))))))

----a-w 135,168 2007-07-12 08:22:00 C:\WINDOWS\SYSTEM32\java.exe
----a-w 135,168 2007-07-12 08:22:04 C:\WINDOWS\SYSTEM32\javaw.exe
----a-w 139,264 2007-07-12 09:22:38 C:\WINDOWS\SYSTEM32\javaws.exe

----a-w 24,670 2006-08-03 01:08:50 C:\WINDOWS\SYSTEM32\java.exe
----a-w 28,768 2006-08-03 01:08:50 C:\WINDOWS\SYSTEM32\javaw.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 00:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 00:07]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-08 15:42]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-09 17:58]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 18:33]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-08-30 09:57]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-08-30 09:57]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-06-16 23:30]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-25 13:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2006-10-18 12:36]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2006-08-01 21:58:54]

C:\DOCUME~1\MARIAP~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\MICHAE~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-09-28 13:22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 11:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
"RtWLan"=C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe /H

R0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
R2 CDRPDACC;Arrowkey Device Access;\??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 OlCamudp;OLYMPUS Digital Camera;C:\WINDOWS\system32\Drivers\olcamudp.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys


Contents of the 'Scheduled Tasks' folder
2007-08-25 00:15:01 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
2007-08-31 07:01:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A9536910-0800-4315-AA78-14FE7C17563F}.job - C:\WINDOWS\system32\msfeedssync.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 23:55:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-31 0:02:07
C:\ComboFix-quarantined-files.txt ... 2007-08-31 00:02
C:\ComboFix2.txt ... 2007-08-30 13:19

--- E O F ---

BitDefender Online Scanner - Real Time Virus Report

Generated at: Fri, Aug 31, 2007 - 10:21:29

--------------------------------------------------------------------------------

Scan Info

Scanned Files
355925

Infected Files
20

Virus Detected

Adware.Webbuying.M
2

Trojan.Dropper.PurityScan.AK
1

Trojan.Downloader.Purityscan.EH
2

GenPack:Adware.Webbuying.M
1

Trojan.Agent.AZT
3

Trojan.Agent.VB.AOU
1

Adware.TTC.B
1

Trojan.Downloader.PurityScan.CR
1

Trojan.Downloader.Agent.BHU
3

Trojan.Agent.ABLK
1

Trojan.Downloader.Delf.JJ
1

Trojan.Popwin.DE
1

Trojan.Agent.ABHK
1

Adware.Sqwire.C
1

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.




Logfile of HijackThis v1.99.1
Scan saved at 10:31:20 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\YTBSDK.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03bf66e303aee3...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#4 SifuMike (malware expert)

Posted 31 August 2007 - 12:40 PM

Hi L A Slim,

Looks like you only posted the top portion of the BitDefender log.
Please post the entire BitDefender log. :thumbsup: I need to see the viruses it found, the locations and if it deleted them.


> Still having a problem with windows freezing though the computer is indeed faster.

Are the popups gone?

Do you have the Windows installation CD?

Edited by SifuMike, 31 August 2007 - 12:58 PM.


#5 L A Slim (Topic Starter)

Posted 31 August 2007 - 01:02 PM

BitDefender Online Scanner - Real Time Virus Report

Generated at: Fri, Aug 31, 2007 - 10:21:29

--------------------------------------------------------------------------------

Scan Info

Scanned Files
355925

Infected Files
20

Virus Detected

Adware.Webbuying.M
2

Trojan.Dropper.PurityScan.AK
1

Trojan.Downloader.Purityscan.EH
2

GenPack:Adware.Webbuying.M
1

Trojan.Agent.AZT
3

Trojan.Agent.VB.AOU
1

Adware.TTC.B
1

Trojan.Downloader.PurityScan.CR
1

Trojan.Downloader.Agent.BHU
3

Trojan.Agent.ABLK
1

Trojan.Downloader.Delf.JJ
1

Trojan.Popwin.DE
1

Trojan.Agent.ABHK
1

Adware.Sqwire.C
1

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

That's all that came up. Should I run it again? I as well don't see whether or not any of them were deleted. POPUPS are all gone.
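The summary above names each detection and gives a per-name count, but no file paths and no cleaning result. As an added example that is not part of this thread, the Python below parses that report format and checks that the per-name counts account for the "Infected Files" total, which is the only consistency check the summary allows; the sample text is a constructed copy of the posted report.

```python
# Added example (not from the thread): parse the BitDefender Online Scanner
# summary posted above and check that the per-name counts add up to the
# 'Infected Files' total, the only consistency check this format allows.
from dataclasses import dataclass, field

# Constructed copy of the posted summary. The format is the same; the blank
# lines between detection entries are dropped here to keep the sample short.
SAMPLE_REPORT = """\
BitDefender Online Scanner - Real Time Virus Report

Generated at: Fri, Aug 31, 2007 - 10:21:29

--------------------------------------------------------------------------------

Scan Info

Scanned Files
355925

Infected Files
20

Virus Detected

Adware.Webbuying.M
2
Trojan.Dropper.PurityScan.AK
1
Trojan.Downloader.Purityscan.EH
2
GenPack:Adware.Webbuying.M
1
Trojan.Agent.AZT
3
Trojan.Agent.VB.AOU
1
Adware.TTC.B
1
Trojan.Downloader.PurityScan.CR
1
Trojan.Downloader.Agent.BHU
3
Trojan.Agent.ABLK
1
Trojan.Downloader.Delf.JJ
1
Trojan.Popwin.DE
1
Trojan.Agent.ABHK
1
Adware.Sqwire.C
1

--------------------------------------------------------------------------------
"""


@dataclass
class ScanSummary:
    scanned_files: int = 0
    infected_files: int = 0
    detections: list = field(default_factory=list)  # (name, count) in report order

    def detection_total(self) -> int:
        return sum(count for _, count in self.detections)

    def reconciles(self) -> bool:
        # True when the per-name counts account for the 'Infected Files' line
        return self.detection_total() == self.infected_files


def parse_bitdefender_summary(text: str) -> ScanSummary:
    # Blank lines carry no information in this format, so work on the rest.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    summary = ScanSummary()
    in_detections = False
    i = 0
    while i < len(lines):
        line = lines[i]
        if line == "Scanned Files":
            summary.scanned_files = int(lines[i + 1])  # count is on the next line
            i += 2
        elif line == "Infected Files":
            summary.infected_files = int(lines[i + 1])
            i += 2
        elif line == "Virus Detected":
            in_detections = True  # name/count pairs follow
            i += 1
        elif in_detections and line.startswith("---"):
            break  # the separator closes the detection table
        elif in_detections:
            summary.detections.append((line, int(lines[i + 1])))
            i += 2
        else:
            i += 1  # title, timestamp, 'Scan Info' and separators
    return summary


if __name__ == "__main__":
    r = parse_bitdefender_summary(SAMPLE_REPORT)
    print(r.infected_files, r.detection_total(), r.reconciles())
```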

#6 SifuMike (malware expert)

Posted 31 August 2007 - 01:14 PM

> That's all that came up. Should I run it again? I as well don't see whether or not any of them were deleted.

It may be BitDefender has changed the format of their listing. Previously it listed the locations of every virus, and if it deleted it or not.

No sense in running it again, so let's try another virus scanner.


Warning: The Kaspersky Online Scanner may not run successfully while any other Anti-Virus software is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.


* Turn off the real time scanner of any existing antivirus program while performing the online scan
* If you're downloading torrents in the background, please disconnect all of them.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Please perform this online scan:

Kaspersky Webscan

This scan requires Internet Explorer to run.
Read the Requirements and Privacy statement, then select "Accept"

A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allow ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options: Scan Archives
Scan Mail Bases


It does not provide an option to clean/disinfect.
When the scan is complete choose to save the results as "Save as Text"

Post the Kaspersky scan results in your next reply. If the Kaspersky scan is too big to post then attach it.



> POPUPS are all gone.
Great. :thumbsup:



Do you have the Windows installation CD? It usually comes with the computer.

Edited by SifuMike, 31 August 2007 - 01:15 PM.


#7 L A Slim (Topic Starter)

Posted 31 August 2007 - 07:32 PM

Looks like I still have some viruses. 6 to be exact with 16 infected objects. Yeah, Internet Explorer seems to freeze up when first clicking on to get online. Other times when going to another page it will freeze and or feel like I'm still running dial-up when in fact I'm using Verizon DSL. It just hangs sometimes, not even connecting and just freezing. I have to close it down which actually takes a few seconds, sometimes having to CTL-ALT-DEL. Maybe these viruses are the cause. I'm sure you know. I must have a CD for Windows as I bought it new from Dell. Here's the Kaspersky log file....

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 31, 2007 5:25:32 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 1/09/2007
Kaspersky Anti-Virus database records: 401550
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 113241
Number of viruses found: 6
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 02:10:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\149766d2dda1c3e2f58c16325c89e30b_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a49c38ba5cd8edf0ba6a53e6d0d782de_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael Poulin\Local Settings\Temp\hsperfdata_Michael Poulin\2152 Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Application Data\Aim\itlazmrp\HerbyLives\cert8.db Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Application Data\Aim\itlazmrp\HerbyLives\key3.db Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Application Data\Verizon\VSP\client_gateway.log Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Local Settings\History\History.IE5\MSHist012007083120070901\index.dat Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Local Settings\Temp\~DF2065.tmp Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Local Settings\Temp\~DF2073.tmp Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Local Settings\Temporary Internet Files\Content.IE5\5HQHUF2X\01[1].htm Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner.GRENDEL\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Verizon Online\ConnMgr\VZLog Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir NSIS: infected - 4 skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP506\A0108920.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP506\A0108922.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP506\A0108933.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP506\A0110173.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP506\A0110173.exe RAR: infected - 1 skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP517\A0112987.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP542\A0127192.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP542\A0127192.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP542\A0127192.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP542\A0127192.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP542\A0127192.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP546\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{341DB92A-F24F-46FF-9D29-14E53D3FBF05}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\default Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\software Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\system Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Edited by L A Slim, 31 August 2007 - 07:36 PM.


#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 31 August 2007 - 09:41 PM

Hi L A Slim,

Yeah, internet explorer seems to freeze up when first clicking on to get online. Other times when going to another page it will freeze and or feel like I'm still running dial up when in fact I'm using Verizon DSL. It just hangs sometimes, not even connecting and just freezing. I have to close it down which actually takes a few seconds, sometimes having to CTL-ALT-DEL. Maybe these viruses are the cause.



See if you can find a process causing the freezing with Task Manager.
Please right-click an empty space on the system bar (grey bar at bottom of the screen) and select Task Manager.
Click the Processes tab and then click the heading CPU twice.
This will sort all processes top down by CPU usage (with the CPU hogs at the top).
You will have to leave Task Manager active on the system bar since the freezing is random. Look for any process hogging CPU.
Note that System Idle Process is normally very high (95-99%) as that is your free memory.


===== Details =====

Number of items = 16
Number of viruses found: 6
Number of infected objects: 16
Number of suspicious objects: 0

C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir/stream/data0002/data0002 ------> Trojan-Downloader.Win32.PurityScan.eh
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir/stream/data0002 ------> Trojan-Downloader.Win32.PurityScan.eh
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir/stream/data0004 ------> Win32.Mostofate.u
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir/stream ------> Win32.Mostofate.u
C:\qoobox\Quarantine\C\WINDOWS\b128.exe.vir NSIS: infected - 4
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP506\A0108920.exe ------> Trojan.Win32.Small.oa
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP506\A0108922.exe ------> Win32.Rond.c
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP506\A0108933.exe ------> Win32.Agent.co
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP506\A0110173.exe/Toolbar.exe ------> AdTool.Win32.MyWebSearch
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP506\A0110173.exe RAR: infected - 1
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP517\A0112987.exe ------> Win32.Agent.co
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP542\A0127192.exe/stream/data0002/data0002 ------> Trojan-Downloader.Win32.PurityScan.eh
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP542\A0127192.exe/stream/data0002 ------> Trojan-Downloader.Win32.PurityScan.eh
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP542\A0127192.exe/stream/data0004 ------> Win32.Mostofate.u
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP542\A0127192.exe/stream ------> Win32.Mostofate.u
C:\System Volume Information\_restore{9D820C94-3DBC-429F-97B6-FBEB11C9D745}\RP542\A0127192.exe NSIS: infected - 4



Looks like you are clean of viruses. :thumbsup:
Kaspersky found viruses that were removed by ComboFix, and the rest of the viruses were previously removed by your antivirus and stored in your System Restore folder. We will be cleaning your System Restore folder when we are finished.


There are a few items we can clean up in your log, but none of them would cause the freezing you are describing.

Select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03bf66e303aee3...ip/RdxIE601.cab


These are optional fixes. The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
(Description: Apple's QuickTime Tray Icon which enables you to start QuickTime from the System Tray (from version 5 onward). Given the extremely simple functionality of this Tray icon, it is in our view an unreasonable resource hog - it has been measured to use as much as 1.5Mb of memory at times in earlier versions, and in version 7 it uses as much as 3.4Mb of memory on our test systems. Yet, on Windows PCs hardly anyone starts QuickTime manually, whether from the System Tray or otherwise - what usually happens is that the end-user opens a QuickTime movie file or email attachment and Windows then automatically opens QuickTime to enable the end-user to view the movie or video. There is therefore almost never a need for the end-user to start QuickTime manually from the System Tray. )
 

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.


*******************************************


Reboot your computer.

Let's look in a different place for signs.

Open HijackThis
Go to 'config'
Go to 'misc tools'
Press the button 'open uninstall manager'
Press 'save list'
A notepad file will open.
Post the content here in your reply.
Close HijackThis.


Post a new HijackThis log, and the uninstall manager log.

Edited by SifuMike, 31 August 2007 - 09:43 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
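Triage logic for a scanner report like the one posted above, as an added example that is not code from this thread, from Kaspersky or from ComboFix. It follows the reasoning in the reply: a detection under ComboFix's quarantine folder is already handled, a detection inside a System Restore point is cleared when System Restore is purged, and only a detection anywhere else is a live file that needs action; "Object is locked" lines are not detections at all. The sample report lines, the placeholder GUID and the Trojan.Win32.Example.aa verdict on the last line are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample in the Kaspersky Online Scanner report shape
# ("<path> <verdict> <last action>"). The placeholder GUID and the
# "Trojan.Win32.Example.aa" verdict are made up, not values from the thread.
SAMPLE_REPORT = """\
Infected Object Name / Virus Name / Last Action
C:\\WINDOWS\\SYSTEM32\\CONFIG\\SAM Object is locked skipped
C:\\qoobox\\Quarantine\\C\\WINDOWS\\b128.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\\qoobox\\Quarantine\\C\\WINDOWS\\b128.exe.vir NSIS: infected - 4 skipped
C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP506\\A0108920.exe Infected: Trojan.Win32.Small.oa skipped
C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP506\\A0108922.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\sample.exe Infected: Trojan.Win32.Example.aa skipped
Scan process completed.
"""

# One pattern per line shape the scanner emits.
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\S+)$")
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\S+)$")
CONTAINER = re.compile(r"^(?P<path>.+?) (?P<fmt>\w+): infected - (?P<count>\d+) (?P<action>\S+)$")

QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"             # ComboFix's quarantine folder
RESTORE_MARKER = "\\system volume information\\_restore"  # System Restore points


def parse_report(text):
    """Yield (path, verdict) for each infected object; locked objects are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or LOCKED.match(line):
            continue
        m = INFECTED.match(line)
        if m:
            yield m["path"], m["verdict"]
            continue
        m = CONTAINER.match(line)
        if m:
            yield m["path"], f"{m['fmt']} container, {m['count']} infected member(s)"


def classify(path):
    """Bucket a detection by what its location implies for cleanup."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIX):
        return "quarantined"    # already neutralised by ComboFix
    if RESTORE_MARKER in p:
        return "restore_point"  # cleared by purging System Restore
    return "live"               # still on disk: needs action


def triage(text):
    """Group every detection in the report into quarantined / restore_point / live."""
    buckets = defaultdict(list)
    for path, verdict in parse_report(text):
        buckets[classify(path)].append((path, verdict))
    return dict(buckets)


def summarize(text):
    """Counts per bucket, the one-line answer to 'is this machine still infected?'."""
    return {bucket: len(items) for bucket, items in triage(text).items()}


def needs_action(text):
    """True only when a detection sits outside quarantine and restore points."""
    return bool(triage(text).get("live"))


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"== {bucket} ({len(items)})")
        for path, verdict in items:
            print(f"  {verdict}\n    {path}")
    print("action needed:", needs_action(SAMPLE_REPORT))
```

Run against the real report text, the script prints the quarantined and restore-point detections separately from anything live, which is the distinction the reply draws by eye; the container line for an NSIS installer is kept as its own entry because the scanner counts it among the infected objects.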

#9 L A Slim

L A Slim
  • Topic Starter

  • Members
  • 33 posts

Posted 01 September 2007 - 12:33 AM

Funny, when I closed out of the screen (the one where I'm reading this message) and hit ctrl-alt-del to bring up Windows Task Manager, it had the "not responding" message come up at the top of the screen. Had to manually close it out via the Ctrl-Alt-Del process but it still hangs on for at least a minute until I open up the explorer again. Constantly doing this as of late. The only thing I found besides the system idle process, which like you said was in the 88-90+ range, was

McciTrayApp.exe 06-08. Maybe 3 other processes showed up at any one time max. So don't know what's going on there.

When you close out the screen also it will leave the image of the smaller screen as just a blank white rectangle, same size as the actual window but it's just white. And this hangs there with the other window that states when closing out "Not responding". As I'm typing this I'm waiting for a new screen to open up for Windows Internet Explorer but it's just hanging. Will close out again and get an End Program pop up message when closing out the screen. Even when hitting "End Now" it doesn't end, it just hangs on for about 30 seconds or more. After that I get a "You chose to end the nonresponsive program, Internet Explorer". The one that states "Send Error Report", Don't send.




When I went to reboot, my computer had a message that was a popup which stated "Computer Might be at risk. Firewall is turned off." Had to turn it back on.

Uninstall Log list

ABBYY FineReader 5.0 Sprint
AC3Filter (remove only)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager 2.0 (Remove Only)
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0.8
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.0
AOL Instant Messenger
ArcSoft Panorama Maker 3
Auction Alert 1.1.3
Audacity 1.2.4
BCM V.92 56K Modem
BitLord 1.1
Broadcom Advanced Control Suite
Broadcom Driver Installer
Brother MFL-Pro Suite
CCleaner (remove only)
Creative MediaSource
dBpowerAMP FLAC Codec
dBpowerAMP Music Converter
Dell AIO Printer A940
Dell ResourceCD
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD X Copy Platinum 4.0.3
DVD X Rescue
FaxTools
Flickr Uploadr 2.5.0.15
FLV Player 1.3.3
GrabIt 1.6.2 Beta (build 940)
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel® Extreme Graphics Driver
Jasc Paint Shop Photo Album
Java™ 6 Update 2
Kaspersky Online Scanner
KC Softwares VideoInspector
Memory Key Boot Utility
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Nero 7
Nero Suite
neroxml
Nikon Message Center
OLYMPUS CAMEDIA Master 2.0
PaperPort
PDF Settings
PeerGuardian 2.0
PictureProject
PictureProject In Touch Downloader 1.0
QuickPar 0.9
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
SoulSeek Client 156c
SoundMAX
SUPER © Version 2006.19 (FIX)
SUPERAntiSpyware Free Edition
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Verizon Online DSL
Verizon Online Help & Support
Verizon Online Help and Support
Verizon Servicepoint 1.3.21
Verizon Yahoo! Applications
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
WG111v2 Configuration Utility
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
XviD 1.1 final uninstall
XviD MPEG4 Video Codec (remove only)


New Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 10:31:26 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\YTBSDK.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#10 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:31 AM

Posted 01 September 2007 - 01:53 PM

Hello L A Slim,

When I went to reboot my computer had a message that was a popup which stated Computer Might be at risk. Firewall is turned off. Had to turn it back on.


That detection is not because you have the Windows Firewall turned off. It is because your antivirus is overriding the alerts of the Windows Security Center.
Windows Security Center is capable of monitoring your firewall as well as your anti-virus product and alerting you if they are not loaded.

You can see that these alerts have been turned off if you go into
Start > Control Panel > Security Center > Resources (on the left hand side of the window – expand if necessary) > click "Change the way Security Center alerts me". This brings up an "Alert Setting" window. There are three possible alerts:
Firewall: Alert me if my computer might be at risk because of my firewall settings
Automatic Updates: Alert me if my computer might be at risk because of my Automatic Updates settings
Virus Protection: Alert me if my computer might be at risk because of my virus protection software settings
I believe that you will find that one or more of these alerts have been turned off.

************************


McciTrayApp.exe is related to Motive_Communications. It provides tray access to Motive's Broadband 2.0 configuration and repair utility.

************************

I see you have some McAfee remnants in your HijackThis log.
Let's remove all traces of McAfee and see if that helps.

How to uninstall supported McAfee consumer products using the McAfee Consumer Products Removal tool (MCPR.exe)

Summary: This document explains how to remove McAfee Consumer products using the McAfee Consumer Products Removal tool. This option should only be used as an alternative if you cannot remove your McAfee product through the normal Add/Remove Programs.

Affected Products:
McAfee Security Center
McAfee VirusScan
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SpamKiller
McAfee Wireless Network Security
McAfee SiteAdvisor
McAfee Data Backup
McAfee Network Manager
McAfee Easy Network
McAfee AntiSpyware
Affected Operating Systems:
Microsoft Windows 2000 Professional
Microsoft Windows XP Professional
Microsoft Windows XP Home
Microsoft Windows Vista

NOTE: This tool is not compatible with Microsoft Windows 98 or ME.

Description
Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 versions of McAfee consumer products.

Solution
Download and run the McAfee Removal tool
NOTE: Always be sure to uninstall your McAfee product through Add/Remove Programs, first. The following steps should only be taken if uninstalling through Add/Remove Programs has failed.

Download the removal tool from http://download.mcafee.com/products/licens...atches/MCPR.exe.
Click Save and save the file to any folder on the computer.
Navigate to the folder where the file is saved.
Make sure all McAfee application windows are closed.
Double-click MCPR.exe and the removal tool will start automatically.

Note: Windows Vista users must right-click and select Run as Administrator.
Once the removal tool is finished, you will be prompted to restart your computer. If you choose to restart later, your McAfee product will not be fully removed until you do.
Wait for the computer to restart.

All McAfee products are now removed from your computer.


************************

When you close out the screen also it will leave the image of the smaller screen as just a blank white rectangle, same size as
the actual window but it's just white. And this hangs there with the other window that states when closing out "Not responding". As I'm typing this I'm
waiting for a new screen to open up for Windows Internet Explorer but it's just hanging. Will close out again and get an End Program pop up message when closing out the screen. Even when hitting "End Now" it doesn't end,
it just hangs on for about 30 seconds or more. After that I get a "You chose to end the nonresponsive program, Internet Explorer". The one that states "Send Error Report", Don't send.



What firewall are you using? I don't recommend the Windows XP firewall as it is one directional, while all commercial firewalls are bi-directional.

Important Tips -- Before installing personal firewall software on a Windows XP computer, be sure that the firewall built into Windows XP is turned off. Never use two software firewalls at the same time. Completely uninstall one before installing another. Use the vendor's uninstall utility or if not available, use the Windows XP add/remove software tool in the control panel. 

Here are five free firewalls available for personal use. If one conflicts with your system, try another.
I use Comodo firewall.

You Need a (Properly Configured) Firewall
Understanding and Using Firewalls


Comodo
Comodo User Guide

Sunbelt Kerio Firewall

Outpost Firewall Free

Jetico Personal Firewall



ZoneAlarm
ZoneAlarm Manual http://download.zonelabs.com/bin/media/pdf/ZAP40_manual.pdf

************************

We will make sure you don't have damaged system files.

Let's run Microsoft's System File Checker program.

The utility will check the system files and automatically replace any that it finds necessary.


Scannow Tutorial

You may need the Windows Install CD, so have it ready.

Go to Start, then Run, type sfc /scannow in the run box and press enter.

When it has finished it will close itself.

Note: There is a space between sfc and the forward slash. Windows will ask you for your Windows Install CD so put it in...don't worry if the XP setup screen appears, this is not a part of sfc /scannow, your autorun utility in Windows is starting it. Simply minimize the screen and allow sfc to continue.

Edited by SifuMike, 01 September 2007 - 02:00 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 SifuMike

SifuMike

    malware expert


Posted 05 September 2007 - 10:45 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



