Slow Computer


12 replies to this topic

#1 Paul001

  • Members
  • 8 posts

Posted 12 December 2006 - 10:29 PM

Hi,

My computer has been running very slowly lately. I ran Window Washer, Ad-Aware, Spybot, Ad-Watch, F-Prot, and a registry cleaner with the hope that this would help. The computer is still slow. I'd appreciate any help that somebody could offer.

Thanks,

Paul

P.S. The HijackThis log is below.

Logfile of HijackThis v1.99.1
Scan saved at 9:11:42 PM, on 12/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Audible\Bin\ADHelper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O20 - Winlogon Notify: pmnli - C:\WINDOWS\
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShieldold\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



#2 ourwilly

  • Members
  • 921 posts
  • Gender:Male

Posted 13 December 2006 - 04:14 AM

Hello :thumbsup:

I would like to take a look at this log for you
and will get back to you as soon as I can.

Thank You.

#3 Paul001

  • Topic Starter
  • Members
  • 8 posts

Posted 13 December 2006 - 12:41 PM

Ourwilly,

Thanks. I appreciate it. :thumbsup:

Paul

#4 ourwilly

  • Members
  • 921 posts
  • Gender:Male

Posted 15 December 2006 - 12:29 PM

Hello Paul001

Sorry to keep you waiting. :thumbsup:

Please Copy and Paste this post into a new text document or print it out for reference.

Step 1

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Scan with HijackThis again and place a checkmark in the boxes before the following entries:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: pmnli - C:\WINDOWS\

Close any Explorer windows which may be open and click the "Fix Checked" button.


Step 2

Can you please use the new updated version of 'ewido security suite', which is now called 'AVG Anti-Spyware 7.5'?

Go to Start | Control Panel | Add/Remove Programs and Uninstall ewido security suite

Then Reboot your system

Now Download AVG Anti-Spyware 7.5
http://www.ewido.net/en/download/

The program should launch automatically after installation. If not, double-click the desktop icon.

Deactivate the "Resident Shield" as this may prevent changes to the registry.
To do this, click "Change State" to the right of the Resident Shield option in the main window.
You will clearly see the status change to Inactive if you have done this correctly.

Now Update AVG Anti-Spyware 7.5
click the "Update" icon from the main menu.
Then click the "Start Update" button.
When you receive the "Update successful" prompt, close AVG AS.
Note: If you have any problems with the updater, you can Update AVG Anti-Spyware 7.5 Manually.
Do not Scan with this yet!

Please reboot your system into Safe Mode: shut down your system, then restart your computer.
As soon as it starts booting up again, continuously tap F8, and from the menu select the option to enter Safe Mode.

Click Start | Run and type cleanmgr in the run box
Checkmark these: Temporary Files | Temporary Internet Files | Recycle Bin
Click OK to start the cleanup and wait for it to finish.

Go to Start | Control Panel | Internet Options
In the General tab, Temporary Internet Files, click: Delete Files
When prompted, check: Delete all offline content
You can also check: Delete Cookies
(You will have to re-enter passwords at websites that require them.)
Click OK

Reopen AVG Anti-Spyware 7.5 and click the "Scanner" icon from the main menu.
Click "Complete System Scan" to start scanning.
When the scan completes, click "Recommended action" beneath the results window and select "Quarantine".
Then click the "Apply all actions" button to quarantine everything detected.
Then click Save report > Save report as and save the AVG Report-Scan.txt to your desktop.
Then Reboot back into Normal Mode


Step 3

Now please Scan your system with the Panda ActiveScan using Internet Explorer
http://www.pandasoftware.com/activescan.htm
When the scan completes, click the See Report button, then Save Report, and save it to your desktop


Now Go to Start | Control Panel | Add/Remove Programs and Uninstall:

any item with Java Runtime Environment (JRE) in the name

Restart the computer.

Now CLICK HERE and select the Download button next to "Java Runtime Environment (JRE) 6".
"Accept" the License Agreement, then choose the first download link "Windows Offline Installation, Multi-language".
Please note - You must Install this version Offline.

Step 4

Please Re-scan with HijackThis and post

1/ The new HijackThis log
2/ The vundofix.txt log
3/ The AVG Report-Scan.txt
4/ The Online Panda Scan

Thank you.
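For readers who want to see what distinguishes the three HijackThis entries ourwilly asked to have fixed from the benign ones in the same log, here is a small triage script. It is an added example written for this page; it is not part of the thread, not HijackThis code, and not ourwilly's procedure. The sample lines are constructed in the shapes seen in the thread (two orphaned O2 BHO entries and the O20 Winlogon Notify value pointing at a bare directory), the names `triage_line`, `triage_log` and `Finding` and the regular expressions are this editor's, and the O20 rule (a Winlogon Notify package should name a .dll, never a directory) is the editor's reading of why that line was flagged.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v1.99 line format: the entries the thread's
# helper asked to fix, plus benign lines from the same sections for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: pmnli - C:\WINDOWS\
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O2" or "O20"
    reason: str   # why the entry is worth fixing
    line: str     # the log line exactly as written


# Line shapes as HijackThis 1.99 prints them (hypothetical regexes, not HijackThis code).
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
WINLOGON_RE = re.compile(r"^O20 - Winlogon Notify: (?P<subkey>\S+) - (?P<path>.*)$")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a line matching one of the shapes worth fixing, else None."""
    line = line.rstrip()
    m = BHO_RE.match(line)
    if m:
        # A BHO whose CLSID no longer resolves to a file is an orphaned
        # registration: harmless on its own, but it is dead weight in IE and
        # is exactly what the helper asked to have removed.
        if m.group("path") == "(no file)":
            return Finding("O2", "BHO CLSID points at a missing file", line)
        return None
    m = WINLOGON_RE.match(line)
    if m:
        path = m.group("path")
        # A Winlogon Notify package must name a DLL that winlogon.exe loads at
        # logon.  A bare directory (trailing backslash) or a non-DLL target is
        # either a broken value or one that deserves a closer look, so flag it.
        if path.endswith("\\") or not path.lower().endswith(".dll"):
            return Finding("O20", "Winlogon Notify subkey does not name a DLL", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log, keeping hits in log order."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
        print(f"    {f.line}")
```

Run against the constructed sample it reports the two "(no file)" BHO lines and the pmnli Winlogon Notify line, and stays silent on the Yahoo! BHO, the crypt32chain package and the NVIDIA service. Pointing it at a real log is a matter of replacing `SAMPLE_LOG` with the file contents; the rules only pick out entries a human analyst would still want to inspect before clicking "Fix Checked".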

#5 Paul001

  • Topic Starter
  • Members
  • 8 posts

Posted 15 December 2006 - 12:37 PM

Ourwilly,

Thanks. I'll follow your steps over the weekend and post my results when I am done.

Paul

#6 Paul001

  • Topic Starter
  • Members
  • 8 posts

Posted 15 December 2006 - 11:02 PM

Dear Ourwilly,

You might be surprised to read that VundoFix.exe did not remove any files. c:\vundofix.txt is presented below.

VundoFix V6.2.13

Checking Java version...

Scan started at 8:57:18 PM 12/15/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Should I continue with the rest of your directions? I'll assume that the answer is "yes", but I'll look for your reply.

Thanks,

Paul

#7 Paul001

  • Topic Starter
  • Members
  • 8 posts

Posted 16 December 2006 - 06:06 PM

Dear Ourwilly,

I followed your directions to the letter. The logs are presented below. You'll notice that there is no vundofix log because no files were removed. I anxiously await your next recommendations.

Paul

Here's the HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 4:40:30 PM, on 12/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Audible\Bin\ADHelper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\msiexec.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webkinz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShieldold\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe

Here's the AVG Report-Scan.txt ...

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:00:43 AM 12/16/2006

+ Scan result:

C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP695\A0068975.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP695\A0068976.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP695\A0068977.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP715\A0073062.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP723\A0073532.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP723\A0073531.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP723\A0073522.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP723\A0073523.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP723\A0073524.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP723\A0073525.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP723\A0073526.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP723\A0073527.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP723\A0073528.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP723\A0073529.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AB52BD40-7182-4E6D-A2D3-98415849E1A9}\RP709\A0072969.exe -> Downloader.Small.dlw : Cleaned with backup (quarantined).
C:\Documents and Settings\Daddy\Cookies\daddy@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daddy\Cookies\daddy@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Daddy\Cookies\daddy@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.196:C:\Documents and Settings\Olivia\Application Data\Mozilla\Firefox\Profiles\8wvydrq8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.197:C:\Documents and Settings\Olivia\Application Data\Mozilla\Firefox\Profiles\8wvydrq8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.198:C:\Documents and Settings\Olivia\Application Data\Mozilla\Firefox\Profiles\8wvydrq8.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.39:C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\urhfv8xw.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.40:C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\urhfv8xw.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.41:C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\urhfv8xw.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.106:C:\Documents and Settings\Olivia\Application Data\Mozilla\Firefox\Profiles\8wvydrq8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.107:C:\Documents and Settings\Olivia\Application Data\Mozilla\Firefox\Profiles\8wvydrq8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


Here's the online Panda Scan

Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected C:\Documents and Settings\sims2\Desktop\Click To Find and Fix Errors.lnk
Potentially unwanted tool:application/zango Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Carolyn\Application Data\Mozilla\Firefox\Profiles\urhfv8xw.default\cookies.txt[.atwola.com/]
Hacktool:Exploit/BytVerify Not disinfected C:\Documents and Settings\Daddy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690ccf7f-319daa33.zip[a.class]
Hacktool:Exploit/BytVerify Not disinfected C:\Documents and Settings\Daddy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690ccf7f-7a8c726a.zip[a.class]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Daddy\Desktop\Computer Maintenance Stuff\VundoFix\VundoFix\process.exe
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\Carolyn!\Cookies\carolyn!@ads.gorillanation[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\Carolyn!\Cookies\carolyn!@cgi-bin[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\Carolyn!\Cookies\carolyn!@go[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\Carolyn!\Cookies\carolyn!@rn11[1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\Carolyn!\Cookies\carolyn!@www.affiliatefuel[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\Carolyn!\Cookies\carolyn!@xiti[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\Carolyn!\Cookies\family@rn11[1].txt
Spyware:Cookie/Eyeblaster Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\Carolyn!\Cookies\family@www.eyeblaster-ds[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\Carolyn!\Cookies\hp authorized customer@cgi-bin[1].txt
Spyware:Cookie/Eyeblaster Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\Carolyn!\Cookies\hp authorized customer@www.eyeblaster-ds[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\cindy\Cookies\cindy@go[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\cindy\Cookies\cindy@rn11[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\cindy\Cookies\family@rn11[1].txt
Spyware:Cookie/Eyeblaster Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\cindy\Cookies\family@www.eyeblaster-ds[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\cindy\Cookies\hp authorized customer@cgi-bin[1].txt
Spyware:Cookie/Eyeblaster Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\cindy\Cookies\hp authorized customer@www.eyeblaster-ds[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\olivia\Cookies\family@rn11[1].txt
Spyware:Cookie/Eyeblaster Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\olivia\Cookies\family@www.eyeblaster-ds[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\olivia\Cookies\hp authorized customer@cgi-bin[1].txt
Spyware:Cookie/Eyeblaster Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\olivia\Cookies\hp authorized customer@www.eyeblaster-ds[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\paul\Cookies\family@rn11[1].txt
Spyware:Cookie/Eyeblaster Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\paul\Cookies\family@www.eyeblaster-ds[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\paul\Cookies\hp authorized customer@cgi-bin[1].txt
Spyware:Cookie/Eyeblaster Not disinfected C:\Documents and Settings\Daddy\old maxtor drive\Profiles\paul\Cookies\hp authorized customer@www.eyeblaster-ds[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mommy\Application Data\Mozilla\Firefox\Profiles\7zh6q9en.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mommy\Application Data\Mozilla\Firefox\Profiles\7zh6q9en.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mommy\Application Data\Mozilla\Firefox\Profiles\7zh6q9en.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mommy\Application Data\Mozilla\Firefox\Profiles\7zh6q9en.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mommy\Application Data\Mozilla\Firefox\Profiles\7zh6q9en.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Mommy\Application Data\Mozilla\Firefox\Profiles\7zh6q9en.default\cookies.txt[.target.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Mommy\Application Data\Mozilla\Firefox\Profiles\7zh6q9en.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\sims2\Application Data\Mozilla\Firefox\Profiles\hgpcklzm.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\sims2\Application Data\Mozilla\Firefox\Profiles\hgpcklzm.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\sims2\Application Data\Mozilla\Firefox\Profiles\hgpcklzm.default\cookies.txt[.rightmedia.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\sims2\Cookies\sims2@2o7[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\sims2\Cookies\sims2@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\hp pavillion\Documents and Settings\Carolyn\Cookies\carolyn@atwola[2].txt
Spyware:Cookie/Go Not disinfected C:\hp pavillion\Documents and Settings\Carolyn\Cookies\carolyn@go[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\hp pavillion\Documents and Settings\Carolyn\Cookies\carolyn@newnet.qsrch[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\hp pavillion\Documents and Settings\Carolyn\Cookies\carolyn@rightmedia[1].txt
Spyware:Cookie/Target Not disinfected C:\hp pavillion\Documents and Settings\Carolyn\Cookies\carolyn@target[2].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\hp pavillion\Documents and Settings\Carolyn\Cookies\carolyn@www.affiliatefuel[2].txt
Adware:Adware/WUpd Not disinfected C:\hp pavillion\Documents and Settings\Carolyn\Local Settings\Temporary Internet Files\Content.IE5\YMRT5V1N\iconfun[1].htm
Spyware:Cookie/Atwola Not disinfected C:\hp pavillion\Documents and Settings\Mommy\Cookies\mommy@atwola[1].txt
Spyware:Cookie/Go Not disinfected C:\hp pavillion\Documents and Settings\Mommy\Cookies\mommy@go[2].txt
Spyware:Cookie/Qsrch Not disinfected C:\hp pavillion\Documents and Settings\Mommy\Cookies\mommy@newnet.qsrch[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\hp pavillion\Documents and Settings\Mommy\Cookies\mommy@rightmedia[2].txt
Spyware:Cookie/Go Not disinfected C:\hp pavillion\Documents and Settings\Olivia\Cookies\olivia@go[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\hp pavillion\Documents and Settings\Olivia\Cookies\olivia@rightmedia[2].txt
Virus:Eicar.Mod Not disinfected C:\Program Files\FSI\F-Prot\fpav-help.chm[/prob-scan-ok.html]
Virus:Eicar.Mod Not disinfected C:\Program Files\InstallShield Installation Information\{9FD12630-1991-46F5-8479-92DE1EAE87DA}\data1.cab[fpav-help.chm][/prob-scan-ok.html]

#8 ourwilly

Posted 17 December 2006 - 12:59 PM

Hello Paul001 :thumbsup:

Thank you for doing that, let's have a bit of a clean-up to begin with.

Step 1

Please Download CCleaner
Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location. Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
Click Run Cleaner to run the program.
Caution: It is not recommended to use the 'Issues' tab as it allegedly finds legitimate items.
After it has completed its process, click Exit.


Now clear your Java cache. To do this:

Select Start | Settings,
Click on Control Panel,
Double click on the Java icon to open up the Java Control Panel,
on the General Tab, under the Temporary Internet Files heading, click delete files.


Step 2

Can you Please now Open Hijackthis
Click Open Misc Tools | Open Uninstall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as Uninstall_list.txt


Step 3

Now Download this file - combofix.exe and save it to your desktop.

Enter Safe Mode..
Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.

Double click combofix.exe.

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

In your next post, please include

1/ The Uninstall_list.txt
2/ The combofix log

Thank you.

#9 Paul001

Posted 17 December 2006 - 05:30 PM

Dear Ourwilly,

Thanks for your help. I've followed your directions.

Here's the uninstall_list ...


Adobe Reader 7.0.8
Adobe Shockwave Player
AIM 6.0
Amazing Slow Downer (remove only)
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
Audible Download Manager
AVG Anti-Spyware 7.5
Backyard Soccer MLS Edition
Ballistik (remove only)
Band-in-a-Box 2004 Update
BigFix
Bikini Twins Photo Shoot
CCleaner (remove only)
Chess Mates
CleanUp!
Competitions at Rosemond Hill
DAEMON Tools
Digital Media Reader
Diner Dash (remove only)
Diner Dash 2 (remove only)
Equestriad 2001
EZface ActiveX 90
Finale NotePad 2005a
F-Prot for Windows
Freeze Clip Art
Gold Miner Special Edition (remove only)
Gold Miner Vegas (remove only)
Google Earth
Google Toolbar for Internet Explorer
Granny in Paradise (remove only)
Harry Potter
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
iPod for Windows 2005-09-06
iPod for Windows 2005-10-12
iPod for Windows 2006-01-10
iTunes
Java™ SE Runtime Environment 6
Kid Pix Deluxe 3
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
Let's Ride 3 Day Eventing - Championship Season
Macromedia Flash Player 8
Mall Tycoon 2
Microsoft ActiveSync 3.7
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Outlook 2002
Microsoft Picture It! Photo Premium 9
Microsoft Works
Monopoly
MS Access 97 SP2
Multimedia Keyboard Driver
My Scene™ CD-ROM
Nancy Drew: Danger by Design
Nancy Drew: Danger on Deception Island
Nancy Drew: Ghost Dogs of Moon Lake
Nancy Drew: Last Train to Blue Moon Canyon
Nancy Drew: Message in a Haunted Mansion
Nancy Drew: Secret of Shadow Ranch
Nancy Drew: Secret of the Old Clock
Nancy Drew: Secret of the Scarlet Hand
Nancy Drew: Secrets Can Kill
Nancy Drew: Stay Tuned For Danger
Nancy Drew: The Creature of Kapu Cave
Nancy Drew: The Curse of Blackmoor Manor
Nancy Drew: The Final Scene
Nancy Drew: The Haunted Carousel
Nancy Drew: Treasure in the Royal Tower
Nero BurnRights
Nero OEM
Norton Spyware Scan provided by Yahoo!
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Ethernet Driver
NVIDIA nForce Drivers
OLYMPUS CAMEDIA Master 4.1
Oregon Trail® 5
Panda ActiveScan
PerformanceTest v6.0
Pizza Frenzy (remove only)
PowerDVD
Quicken WillMaker Plus 2007
QuickTime
RadarSync 2006 (remove only)
realMYST Interactive 3D Edition
RealPlayer
Registry First Aid
Riding Star
SaddleClub
Sandlot Games Client Services
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
SimCity 3000 Unlimited
SiSoftware Sandra Lite XIb (Win64/32/CE)
Snood for Windows version 3.52-W
SoftV92 Data Fax Modem with SmartCP
Splash (remove only)
SpongeBob SquarePants Employee of the Month
SpongeBob SquarePants® Operation Krabby Patty
Spybot - Search & Destroy 1.3.1 TX
The Game Of Life
The Legacy of Rosemond Hill
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims Unleashed
Time to Ride
Viewpoint Media Player
Virtual Sound Canvas 3.2
Window Washer 5
Windows Backup Utility
Windows Internet Explorer 7
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Service Pack 2
WinZip
Yahoo! Install Manager
Yahoo! Toolbar for Internet Explorer
Zoo Tycoon 2 Trial Version
Zoo Tycoon Expanded






and here's the combofix log ...

sims2 - 06-12-17 15:39:18.20 Service Pack 2
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\sims2\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\aamd532.dll


((((((((((((((((((((((((((((((( Files Created from 2006-11-17 to 2006-12-17 ))))))))))))))))))))))))))))))))))


2006-12-17 15:07 <DIR> dr-h----- C:\Documents and Settings\sims2\Recent
2006-12-17 15:03 <DIR> d-------- C:\Program Files\CCleaner
2006-12-16 16:36 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-15 22:28 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-15 22:28 <DIR> d-------- C:\Program Files\Grisoft
2006-12-15 20:57 <DIR> d-------- C:\VundoFix Backups
2006-12-15 06:12 <DIR> d-------- C:\Program Files\SiSoftware
2006-12-15 06:09 <DIR> d-------- C:\sandra
2006-12-12 21:08 <DIR> d-------- C:\Program Files\HijackThis
2006-12-12 18:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-12 07:00 <DIR> d-------- C:\Program Files\D-Tools
2006-12-01 09:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2006-12-01 09:17 <DIR> d-------- C:\Program Files\AIM6
2006-11-29 19:31 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-19 16:40 <DIR> d-------- C:\Program Files\Quicken WillMaker Plus 2007


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-16 16:36 -------- d-------- C:\Program Files\Java
2006-12-16 16:36 -------- d-------- C:\Program Files\Common Files
2006-12-16 15:49 -------- d-------- C:\Program Files\The Weather Channel FW
2006-12-16 11:34 -------- d-------- C:\Program Files\WinZip
2006-12-16 11:29 -------- d-------- C:\Program Files\RFA
2006-12-16 11:29 -------- d-------- C:\Program Files\QuickTime
2006-12-16 10:41 -------- d-------- C:\Program Files\Messenger
2006-12-16 10:34 -------- d-------- C:\Program Files\iTunes
2006-12-16 10:32 -------- d-------- C:\Program Files\Internet Explorer
2006-12-16 10:31 -------- d-------- C:\Program Files\Google
2006-12-16 10:14 -------- d-------- C:\Program Files\Digital Media Reader
2006-12-15 22:12 -------- d-------- C:\Program Files\Lavasoft
2006-12-01 09:24 -------- d-------- C:\Program Files\Common Files\aolshare
2006-12-01 09:24 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-07 12:08 -------- d-------- C:\Program Files\EA GAMES
2006-11-02 18:48 -------- d-------- C:\Documents and Settings\sims2\Application Data\Google
2006-11-02 14:59 -------- d-------- C:\Program Files\Common Files\EasyInfo
2006-11-02 06:15 -------- d-------- C:\Program Files\AOL
2006-11-02 06:14 -------- d-------- C:\Program Files\AOD
2006-10-29 09:23 -------- d-------- C:\Program Files\Roland
2006-10-17 13:33 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-17 13:33 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 13:33 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-17 13:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-17 13:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 13:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 13:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 12:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nForce Tray Options"="sstray.exe /r"
"nwiz"="nwiz.exe /install"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
@=""
"CHotkey"="zHotkey.exe"
"rfagent"="\"C:\\Program Files\\RFA\\rfagent.exe\""
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"FRISK FP-Scheduler"="C:\\Program Files\\FSI\\F-Prot\\F-Sched.exe STARTUP"
"F-StopW"="C:\\Program Files\\FSI\\F-Prot\\F-StopW.EXE"
"ShowWnd"="ShowWnd.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck /autofix /autoclose"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Flags"=dword:00000080

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://www.southern-california-youth-ballet.org/db4/00334/southern-california-youth-ballet.org/_uimages/PasdeQuatre.jpg"
"SubscribedURL"="http://www.southern-california-youth-ballet.org/db4/00334/southern-california-youth-ballet.org/_uimages/PasdeQuatre.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,0c,02,00,00,ff,02,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,0c,02,00,00,ff,02,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,f3,04,41,c0,b4,74,58,76,4f,04,68,de,f3,04,20,6d,\
f3,04,c7,8f,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,d4,01,00,00,00,00,00,00,2c,02,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,d4,01,00,00,00,00,00,00,2c,02,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061215-215950-345
O20 - Winlogon Notify: pmnli - C:\WINDOWS\
backup-20061215-215950-566
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20061215-215950-304
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Ad-Aware SE Personal.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OnDemand Scanner.job
C:\WINDOWS\tasks\Paul's back-ups.job
C:\WINDOWS\tasks\Spybot - Search & Destroy.job
C:\WINDOWS\tasks\Window Washer 5.job

Completion time: 06-12-17 15:55:17.25
C:\ComboFix.txt ... 06-12-17 15:55



Paul

#10 ourwilly

Posted 24 December 2006 - 11:21 AM

Hi Paul001 :thumbsup:

Sorry to keep you waiting, I've been a little busy. Hope you understand.

Step 1

Can you please right-click on the Click To Find and Fix Errors link icon that is on your Desktop and select Delete.

Then Go to Start | Control Panel | Add/Remove Programs and Uninstall:

Viewpoint Media Player
Spybot - Search & Destroy 1.3.1 TX  <-- This is an old version

Reboot your system

Now please install the latest Spybot S&D.
When installing Spybot S&D, DO NOT use the Tea-Timer option until your system is clean,
and follow this Tutorial on how to Install and Update.


Step 2

Before we start you will need to make a back-up of the registry. This is standard procedure before carrying out any alterations to it.
Go to Start > Run, enter "regedit" (without the quotes) and click on OK.
Highlight My Computer by clicking on it and then go to File > Export...
Give the file an appropriate name, registry backup perhaps, leave the "Save As Type:" as it is and save it somewhere safe.
The Desktop is NOT a good idea as it's too close to the Recycle Bin for comfort!
This may take a moment or two so don't worry.

Go to: Start | Run, type in Notepad

Click Format from the Notepad menu and ensure "Word Wrap" is NOT selected.
Copy the Red Text below into Notepad.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}]


Click : File | Save As
Change the Save as type to All Files
Save it to your desktop as fix.reg

Locate Fix.reg on your desktop and double-click it.
When asked if you want to merge with the registry, click YES.
Wait for the merged successfully prompt.


Step 3

Can you please Re-scan with HijackThis and post the new log
and information on how your system is running now

Thank you.

#11 Paul001

Posted 24 December 2006 - 01:02 PM

Dear Ourwilly,

Thanks for your help. I'm glad you are back. :flowers: I was afraid that you forgot about me. :thumbsup:

Here's the log from hijack this.

Logfile of HijackThis v1.99.1
Scan saved at 11:58:08 AM, on 12/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Audible\Bin\ADHelper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\HJT\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webkinz.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\ADHelper.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...n32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...er/install3.5/installer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShieldold\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe

Thanks for your help.

Paul
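Added example, not part of this thread and not code from HijackThis, ComboFix or any of the posters: a small Python script that does the triage a helper does by eye on a log like the one above, and drafts a removal file in the same REGEDIT4 shape as the fix.reg in the reply before. It flags add-on entries with no file behind them (the two "(no file)" BHOs listed under ComboFix's HijackThis backups), Run entries given as a bare file name (zHotkey.exe, ShowWnd.exe, sstray.exe in this log, which Windows resolves through the search path at logon, so the log alone does not say which binary runs), and a Winlogon Notify entry that names no DLL (the pmnli entry). The sample log lines are constructed from entries visible in this thread; the registry paths are the standard locations those entries are read from (Browser Helper Objects, IE's Manage Add-ons stats under Ext\Stats, Winlogon\Notify). It assumes Python 3.9 or later, and its output is a draft to read through before merging, not something to apply unseen.

```python
"""HijackThis log triage (added example for this thread, not part of any post).

Reads the O2/O3 (BHO, toolbar), O4 (Run) and O20 (Winlogon Notify) lines of a
HijackThis log, flags orphaned add-ons, unqualified autoruns and Notify entries
without a DLL, and writes REGEDIT4 text that deletes the keys behind the
orphaned ones, in the shape of the fix.reg earlier in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines modelled on this thread's logs.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O20 - Winlogon Notify: pmnli - C:\WINDOWS\
"""

# Standard keys behind O2 and O20 entries; IE's Manage Add-ons keeps per-CLSID
# usage stats under Ext\Stats, the key the thread's fix.reg removes.
BHO_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
STATS_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

ADDON_RE = re.compile(r"^(?P<sec>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
                      r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<where>HK\w+\\\.\.\\Run): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<sub>\S+) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # orphaned_bho | orphaned_toolbar | unqualified_autorun | notify_without_dll
    ident: str   # CLSID, Run value name, or Notify subkey name
    detail: str


def _executable(cmd: str) -> str:
    """First token of a Run command: the quoted path, or the text up to the
    first space (so 'RUNDLL32.EXE foo.dll,Entry' yields RUNDLL32.EXE)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := ADDON_RE.match(line):
            if m["path"].strip().lower() == "(no file)":
                kind = "orphaned_bho" if m["sec"] == "O2" else "orphaned_toolbar"
                findings.append(Finding(kind, m["clsid"], "registered but no DLL on disk"))
        elif m := RUN_RE.match(line):
            exe = _executable(m["cmd"])
            # A bare file name is resolved through the search path at logon,
            # so the log alone cannot say which binary actually runs.
            if "\\" not in exe:
                findings.append(Finding("unqualified_autorun", m["value"],
                                        f"{m['where']} starts {exe!r} without a directory"))
        elif m := NOTIFY_RE.match(line):
            path = m["path"].strip()
            if not path or path.endswith("\\") or path.lower() == "(no file)":
                findings.append(Finding("notify_without_dll", m["sub"],
                                        f"Winlogon Notify package points at {path!r}"))
    return findings


def reg_fix(findings: list[Finding]) -> str:
    """REGEDIT4 text deleting the keys behind orphaned entries; a '-' before
    the key name deletes the whole key, as in the thread's fix.reg."""
    keys = []
    for f in findings:
        if f.kind == "orphaned_bho":
            keys.append(f"{BHO_KEY}\\{f.ident}")
            keys.append(f"{STATS_KEY}\\{f.ident}")
        elif f.kind == "notify_without_dll":
            keys.append(f"{NOTIFY_KEY}\\{f.ident}")
    # regedit expects CRLF line endings and a blank line after each key block.
    return "REGEDIT4\r\n\r\n" + "".join(f"[-{k}]\r\n\r\n" for k in keys)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:<20} {f.ident:<40} {f.detail}")
    print(reg_fix(found))
```

Orphaned O3 toolbars are reported but get no removal line, because toolbar registrations live under a different key than BHOs and deserve a look by hand; unqualified autoruns are only reported, since the right fix is to find the real binary, not to delete the value.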

#12 ourwilly

Posted 26 December 2006 - 03:01 AM

Hi Paul001 :thumbsup:

Please Reboot your System into Safe Mode
Shut down your system, then restart your computer. As soon as it starts booting up again, continuously tap F8. From the menu, select the option to enter Safe Mode.

Go to Start > All Programs > Accessories > System Tools > Disk Defragmenter.

Highlight the drive that you want to check, and press the Analyze button. XP will tell you whether the drive needs to be defragmented. If XP does recommend defragging, click the Defragment button.

Reboot back into Normal Mode.

If everything is running fine, then I recommend that you now "Disable" and then "Re-Enable" your System Restore.

Here are some Tutorials you may like to Bookmark for future reference:

So how did I get infected in the first place?
Simple and easy ways to keep your computer safe and secure on the Internet

If you have any questions or comments, post back,

Otherwise, good luck,

ourwilly. :flowers:

#13 Paul001

Posted 01 January 2007 - 09:08 AM

Dear Ourwilly,

Thanks for your help. :thumbsup:

Paul



