Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Running Computer


  • This topic is locked This topic is locked
11 replies to this topic

#1 cpotter

cpotter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 11 October 2007 - 08:46 AM

My computer was initially running slow. I follwed the above "this topic". Did everything asked. Computer actually shut down during several of the processes. Have never seen that before. After the computer shut down, I was able to run the process again. I completed each step in "this topic". Each time received some message that the computer was now "clean". I wanted to post the HijackThis log to make sure there was nothing else still on my computer. It is running faster now though. I am getting pop-up messages from "adssite"

The only step I did not perform is the firewall. I'm running Windows XP SP2 and have the windows firewall enabled. I have a desktop and laptop computer. I have both the desktop and laptop connected to a Netgear WGT624 router. To be honest, I don't know if I have to enable firewall features of this router. Do I need an additional seperate firewall? If so, which one do you recommend? Also, I used to have Norton Antivirus on both computers. But virus files are now out of date and need to pay for new updates. I was thinking of using a free virus program instead this time. On the bleeping site, I found avast! 4 Home Edition, Avast Free, and AVG virus scan. Is one better than the other? If my questions regarding firewall and antivirus issues should be posted in another forum, just let me know. Thanks again for all the great help. Chad

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:22 AM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System\CmFlywav.exe
C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsk2D.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [Linksys WMB54G Utility] C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe -R
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://www.hp.com/diskless/bin/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127940420113
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142284061744
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

--
End of file - 6626 bytes

BC AdBot (Login to Remove)

 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:33 AM

Posted 25 October 2007 - 04:39 PM

Hi cpotter sorry for the delay in answering your post.
If you still need help could you please post back a new Hjt log.... things change so quickly and we need to see what's happening now.
Thanks

Starbuck

BBPP6nz.png


#3 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 23 November 2007 - 05:50 PM

Don't worry about the delay. Everyone provides great help. I certainly understand. Still having similar problems. Here is the new HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:57 PM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System\CmFlywav.exe
C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26E45419-7205-4fac-BBFE-174BC7337A79} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsd2D.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [Linksys WMB54G Utility] C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe -R
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://www.hp.com/diskless/bin/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127940420113
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142284061744
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

--
End of file - 6502 bytes

Thanks,
Chad

#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:33 AM

Posted 23 November 2007 - 06:06 PM

Hi cpotter

Thanks for the new log, please give me a little time to go over this and i'll get back to you as soon as possible.

Starbuck

BBPP6nz.png


#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:33 AM

Posted 23 November 2007 - 06:31 PM

Hi again cpotter

Before i continue, could you please supply me with an uninstall list.
Open HijackThis... click on Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save..... copy and paste the results in your next post.
More information with a screenshot, can be found here.

Thx

BBPP6nz.png


#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:33 AM

Posted 25 November 2007 - 11:13 AM

Hi cpotter

To be honest, I don't know if I have to enable firewall features of this router.

As it's advertised as a 'firewall router', i would have thought that it is enabled by default but check the settings to make sure.
This type of firewall is known as a 'hardware' firewall.
Here's a handy page i found:
http://www.jiwire.com/netgear-108mbps-wire...p-usability.htm

Do I need an additional seperate firewall?

You should really be running a 'software' firewall as well.
You can't run 2 software firewalls.... but you can run a software firewall and a hardware firewall together.
I see you are presently using the Windows firewall..........
The Windows XP firewall protects against port scanning but has limitations and it is no replacement for a robust 3rd-party two-way personal firewall.
Here's some suggestions for a good 3rd party firewall:
Zone Alarm
Online Armor free
Comodo

I found avast! 4 Home Edition, Avast Free, and AVG virus scan. Is one better than the other?

Both are excellent Anti Virus protectors. Choose either one.
Avast
Avg free

Which ever one you choose.... make sure that you update the definitions immediately and then run a full scan.
You must choose an Anti Virus and install it immediately.

I am getting pop-up messages from "adssite"

Ok, let's sort that out for you.

You may find it helpful to print this out.

Step 1
Download SUPERAntiSypware Free for Home Users
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
    Now close down SuperAntiSpyware.
    Do Not do a scan yet.

    Step 2
    Please disable Spybot S&Dís TeaTimer protection, because it is known to interfere with our fixes.
    You can enable it again after you're clean.
    Open Spybot and click on 'Mode' then click 'Advanced Mode'.
    Click on 'Tools' in bottom left hand corner.
    Click on the 'System Startup' icon.
    Uncheck 'Teatimer' box and/or uncheck 'Resident'.
    Click the 'Allow Change' box.
    Then, check next to the computer clock to see if the icon for Spybot is still there.
    If it is, right click it and choose 'exit Spybot-S&D Resident'.

    Reboot the computer.

    Make sure that you can see hidden files.
    • Click Start.
    • Click My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Uncheck the Hide file extensions for known file types.
    • Click OK.

    Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

    O2 - BHO: (no name) - {26E45419-7205-4fac-BBFE-174BC7337A79} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsd2D.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


    Please reboot your computer in Safe Mode by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, a menu with options should appear;
    * Select the first option, to run Windows in Safe Mode, (you will have to use the 'arrow' keys to navigate on this window) then press "Enter".
    * Choose your usual account.

    Then navigate to and delete this file:
    File .............. C:\WINDOWS\system32\nsd2D.dll

    If you need instructions...
    Click on Start ..... My Computer ...... C drive ..... Windows folder .... System32 folder
    Then find the file nsd2D.dll .... right click on it and select delete.

    Step 3
    Scan with SuperAntiSpyware
    Click the desktop icon.......when it starts, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
In you next reply, please post:
The SAS scan results
A new Hjt log.

Thx

BBPP6nz.png


#7 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 16 December 2007 - 02:58 PM

Sorry for my delay in responding. Thanks for the help. I did end up downloading Avast virus protection. I have tried running the virus program now 3 to 4 times. Each time, the computer completely shuts down while running the scan. I have tried running the software in "safe mode". I get the same result. I'm assuming this is secondary to a virus perhaps (that Avast cannot clean)? I was going to try and correct this problem before proceeding with other spyware / adware issues. However, I do not have any other solutions at the molment. I have thought about reformatting the hard drive and reinstalling Windows. The comptuer is a secondary laptop computer with very little personal data on it. Any other suggestions before I reformat? Thanks again for the help. Chad

#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:33 AM

Posted 16 December 2007 - 03:59 PM

Hi cpotter

Ok, i need a little more to go on.
Did you complete the fix i posted? did you delete the file i asked you to delete?
Did you install a firewall?
Did you run SuperantiSpyware?
If not...
please follow the fix instructions in my previous post and let me have the logs that i asked for.

Then i'll be more able to help you.
A re-install might not be necessary, i just need to know what's happening now.
Thx

BBPP6nz.png


#9 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 18 December 2007 - 08:59 AM

Thanks for the help.

I installed ZoneAlarm and Avast Virus Protection.

I completed the fix and deleted the file.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/18/2007 at 01:25 AM

Application Version : 3.9.1008

Core Rules Database Version : 3363
Trace Rules Database Version: 1362

Scan type : Complete Scan
Total Scan Time : 02:10:22

Memory items scanned : 177
Memory threats detected : 0
Registry items scanned : 5108
Registry threats detected : 0
File items scanned : 35066
File threats detected : 188

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@web4.realtracker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@valueclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyepcjkbo.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@azjmp[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@giftscom.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyulajwcp.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@spa.valueclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partners.tattomedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@buycom.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@90634006[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@enhance[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.associatedcontent[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hc2.humanclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@etoys.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@traffic.buyservices[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.its.adjuggler[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6whkoqid5elo.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@coolsavings[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pro-market[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@creview.adbureau[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@iacas.adbureau[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6whkielcpwep.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@gostats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1072360878[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adecn[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@richmedia.yahoo[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findwhat[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkygjdzkfq.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@crackserver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wgkiujdpcbo.stats.esomniture[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wgkyohazakq.stats.esomniture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partner2profit[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1069095226[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wgkioocpwep.stats.esomniture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adcentriconline[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adlegend[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tremor.adbureau[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.crackserver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjloeodzmep.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1072577578[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.spafinder[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@57386690[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@keywordmax[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@dealnews.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adinterax[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.easyad[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@anat.tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cupolaventures.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bizrate[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.mediamayhemcorp[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@anad.tacoda[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findarticles[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.mediacomcc[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tracking.offerstrategy[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.us.e-planning[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@login.tracking101[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.cnn[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@crackserialkeygen[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@roiservice[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pandasoftware.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@74613876[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@paypal.112.2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@spafinder[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjlosncpsdo.stats.esomniture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@83558168[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@71384334[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wcliopczikp.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfmigodzsco.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tase[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@eyewonder[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.femalehealthmadesimple[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@warezreleases[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cratebarrel.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkoegc5wao.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@a.findarticles[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.coolsavings[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@b5media.us.intellitxt[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.bridgetrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjk4chdpseq.stats.esomniture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver.mediaengine[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@1.marketbanker[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sales.liveperson[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@images.crossmediaservices[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.hairboutique[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@a.findarticles[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adknowledge[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adlegend[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.cnn[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adserver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@anat.tacoda[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bostoncommonpress.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@chicagosuntimes.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clicktracks.newcitymedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@creview.adbureau[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfliqhc5wdp.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wgkiujdpcbo.stats.esomniture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkowgdpkcp.stats.esomniture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjloeoczmdo.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjlyqjcpabp.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-verizon.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@eyewonder[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ezzs.valueclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@findarticles[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@homestore.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indextools[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@marketlive.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mccwebstats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media.adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@nextag[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partsexpress[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@paypal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pro-market[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@qnsr[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@reduxads.valuead[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@richmedia.yahoo[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@screensavers[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@servedby.adxpower[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@shopping.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sitestat.mayoclinic[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stat.dealtime[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@usatoday1.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@v7.stats.load[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@webstat.yamaha[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.fullreleases[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.partsexpress[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt

Trojan.Downloader-AUPD
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\AUPD.EXE

Adware.AdRotator/AdsSite
C:\WINDOWS\SYSTEM32\ADSSITE-REMOVE.EXE

Adware.AdRotator/RightOnz
C:\WINDOWS\SYSTEM32\GZMROTATE.DLL
C:\WINDOWS\SYSTEM32\RIGHTONADZ-UNINST.EXE

Trojan.TrafficNinjaBiz
C:\WINDOWS\SYSTEM32\NINJAEXT.DLL





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:45 AM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System\CmFlywav.exe
C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\3a4c74ad66aac0b11d953bbcf3937ae6\update\update.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [Linksys WMB54G Utility] C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe -R
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://www.hp.com/diskless/bin/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127940420113
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142284061744
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7168 bytes

#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:33 AM

Posted 20 December 2007 - 03:57 AM

Hi cpotter

Some browser hijackers and downloaders have been/are active on your computer. It is known that these trojans can communicate with remote computers, download and run code, send emails and redirect browser requests. Unfortunately we cannot be sure about what they have done.
Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

For more information read ....Here
If you choose to format and reinstall read...... Here

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.
The desion on whether we carry on and try and clean this system is entirely up to you.
I'll wait for your reply.

Starbuck

BBPP6nz.png


#11 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 29 January 2008 - 11:27 AM

I'm going to reformat and reinstall the OS on this computer. I have an additional desktop computer that I'm going to clean entirely before I reformat the other computer. I've posted a new HiJackThis log for the desktop computer in the HiJackThis forum. I've decided to use AVG free virus software and Comodo firewall in combination with Netgear WGT624 router for both of these computers and a new additional Dell laptop. Thanks for all of your great help. Chad Potter

#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:33 AM

Posted 29 January 2008 - 05:03 PM

Hi cpotter,

Thanks for letting me know your decision.
Good luck with the re-install. :thumbsup:

BBPP6nz.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users