
Computer Restarting, Error Message, Blue Screen...


  • This topic is locked
25 replies to this topic

#1 gossipgirl

gossipgirl

  • Members
  • 137 posts

Posted 09 June 2007 - 08:33 PM

Hi there. A few days ago I made this post: http://www.bleepingcomputer.com/forums/t/95217/computer-acting-very-strangely/ . I'm still having the same problems, but now my computer keeps on restarting again and when it does, a blue screen comes up that says windows isn't starting to protect me from some kind of a problem, and to restart my computer, and when I do, the safe mode screen thing comes up, and I have to choose 'last known good configuration' for windows to boot. Also, now when I run an ad-aware scan, it comes up with many registry entries and 3 processes, but when I try to quarantine/delete them, my computer restarts. I think that the problem has something to do with a file called alpxutzjeqpmq.dll, or possibly jvr.dll, which were created on the night that the problems started, and I think that's one of the things that comes up in Ad-Aware. Also, the mcafee error message that I mentioned in my other topic still comes up whenever I log on. Please help me! I really appreciate any help. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 9:23:58 PM, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.sympatico.msn.ca/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by gossipgirl, 09 June 2007 - 10:17 PM.




#2 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male

Posted 10 June 2007 - 02:41 PM

When did these problems start exactly? Could it be that they started after a Windows update?

Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

#3 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts

Posted 10 June 2007 - 03:45 PM

Thanks very much for your help! Well, I said in my other topic that it started a few nights ago when my computer restarted itself suddenly, but I think that actually happened to my sister first that same night. I don't know what caused it originally. =s And I don't think it could be a windows update because (I know it's bad) but I never use windows update. Anyways, here are the two logs. :thumbsup:

ComboFix 07-06-11 - C:\Documents and Settings\Gwen\Desktop\ComboFix.exe
"Gwen" - 2007-06-10 16:32:33 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))


2007-06-10 16:19 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-07 21:26 102,528 --a------ C:\fwdrv.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-19 16:31:35 -------- d-----w C:\Program Files\LimeWire
2007-05-15 20:19:05 1,149 ----a-w C:\WINDOWS\eReg.dat
2007-05-15 20:16:53 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-15 20:16:43 -------- d-----w C:\Program Files\EA GAMES
2007-04-06 02:31:24 97,280 ----a-w C:\VundoFix.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-03-28 18:20]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-04 18:25]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-02 13:35]
"POINTER"="point32.exe" []
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-06-02 21:49]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-03-21 12:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 15:37]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER


Contents of the 'Scheduled Tasks' folder
2007-06-05 21:45:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2003-06-06 20:35:43 C:\WINDOWS\tasks\ISP signup reminder 1.job
2003-06-06 20:35:43 C:\WINDOWS\tasks\ISP signup reminder 2.job
2003-06-06 20:35:43 C:\WINDOWS\tasks\ISP signup reminder 3.job
2007-06-10 20:29:00 C:\WINDOWS\tasks\McAfee.com Update Check (D8VQYV21-Owner).job
2007-06-10 20:28:00 C:\WINDOWS\tasks\McAfee.com Update Check (D-C).job
2007-06-10 20:29:00 C:\WINDOWS\tasks\McAfee.com Update Check (D-G).job
2007-06-10 20:28:15 C:\WINDOWS\tasks\McAfee.com Update Check (D-Gwen).job
2007-06-10 20:30:00 C:\WINDOWS\tasks\McAfee.com Update Check (D-Y).job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-10 16:32:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-10 16:33:46
C:\ComboFix-quarantined-files.txt ... 2007-06-10 16:33
C:\ComboFix2.txt ... 2007-04-06 01:31
C:\ComboFix3.txt ... 2006-08-29 21:44

--- E O F ---





Logfile of HijackThis v1.99.1
Scan saved at 16:41, on 2007-06-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE2EB50-9EAB-4076-9F69-17C7C8BC3FE8}: NameServer = 207.164.234.193 67.69.184.143
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by gossipgirl, 10 June 2007 - 03:46 PM.


#4 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male

Posted 10 June 2007 - 03:54 PM

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the following icon next to the files found: Posted Image
  • If so, click it, then click the next icon right below it and select Move incurable, as you'll see in the next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


#5 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts

Posted 10 June 2007 - 04:13 PM

Thank you. :thumbsup: Currently, it's scanning all of my drives and it asked me to cure a few things so I said "yes to all" for them. At the bottom it lists around 20 deleted objects (mostly trojans it appears) except for one that it doesn't say that it deleted: tvmupdater.exe, and its status is apparently Adware.TVMedia? Should I do anything for that?

#6 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts

Posted 10 June 2007 - 06:08 PM

fwdrv.sys;c:\;Trojan.Spambot;Deleted.;
tmp13.tmp.exe;C:\Documents and Settings\Chris\Local Settings\Temp;Trojan.Packed.49;Deleted.;
tmpB.tmp.exe;C:\Documents and Settings\Chris\Local Settings\Temp;Trojan.DownLoader.19433;Deleted.;
tmpE.tmp.exe;C:\Documents and Settings\Chris\Local Settings\Temp;Trojan.Packed.49;Deleted.;
10320054.gif;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Wao;Deleted.;
170.tmp;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Spambot;Deleted.;
171.tmp;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Spambot;Deleted.;
173.tmp;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Spambot;Deleted.;
174.tmp;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Spambot;Deleted.;
175.tmp;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Spambot;Deleted.;
176.tmp;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Spambot;Deleted.;
182.tmp;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Spambot;Deleted.;
184.tmp;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Spambot;Deleted.;
iF2.tmp;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.DownLoader.6325;Deleted.;
mLaxZ95e.exe;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.DownLoader.19562;Deleted.;
ogni.exe;C:\Documents and Settings\Georgia\Local Settings\Temp;BackDoor.Insyst;Deleted.;
pre.exe;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Click.1250;Deleted.;
TgvF8tJI.exe;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.DownLoader.19562;Deleted.;
tmp38.tmp.exe;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.DownLoader.19433;Deleted.;
tmp39.tmp.exe;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Packed.49;Deleted.;
tmp40.tmp.exe;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.DownLoader.19433;Deleted.;
tmp41.tmp.exe;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Packed.49;Deleted.;
tmp42.tmp.exe;C:\Documents and Settings\Georgia\Local Settings\Temp;Trojan.Packed.49;Deleted.;
tvmupdater.exe;C:\Documents and Settings\Georgia\Local Settings\Temp;Adware.TVMedia;Incurable.Moved.;
UWA7P_0001_N91M0809NetInstaller.exe;C:\Documents and Settings\Georgia\Local Settings\Temp\ICD1.tmp;Trojan.DownLoader.10963;Deleted.;
UWA7P_0001_N91M0809NetInstaller.exe;C:\Documents and Settings\Georgia\Local Settings\Temp\ICD2.tmp;Trojan.DownLoader.10963;Deleted.;
MCCWrapper.dll;C:\mtemp;Probably DLOADER.Trojan;Incurable.Moved.;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Incurable.Moved.;
alpxutzjeqpmq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Vqten;Deleted.;
jvr.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Vqten;Deleted.;
ndis.sys.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS;Trojan.Spambot;Deleted.;
A0103250.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP281;Trojan.DownLoader.19442;Deleted.;
A0103251.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP281;Trojan.DownLoader.19442;Deleted.;
A0103252.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP281;Trojan.DownLoader.19442;Deleted.;
A0103253.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP281;Trojan.DownLoader.19442;Deleted.;
A0103254.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP281;Trojan.DownLoader.19442;Deleted.;
A0103255.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP281;Trojan.DownLoader.19442;Deleted.;
A0103256.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP281;Trojan.DownLoader.19442;Deleted.;
A0103266.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP281;Trojan.DownLoader.19442;Deleted.;
A0103327.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP281;Trojan.DownLoader.19442;Deleted.;
A0103328.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP281;Trojan.DownLoader.19442;Deleted.;
A0111723.sys;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP301;Trojan.Spambot;Deleted.;
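
Added example, not part of the original post and not Dr.Web's or the helper's own tooling: the Python below triages a Dr.Web CureIt report in the `file;folder;detection;action;` layout shown above. It counts detections by family, separates live files from Temp, tool-quarantine and System Restore copies, and lists the entries that were not deleted or are heuristic ("Probably ...") hits. The function names and location categories are assumptions made for this example; the sample rows are copied from the report above.

```python
import csv
import io
import re
from collections import Counter

# Sample input: five rows copied from the DrWeb.csv report posted in the thread.
SAMPLE_REPORT = r"""fwdrv.sys;c:\;Trojan.Spambot;Deleted.;
tvmupdater.exe;C:\Documents and Settings\Georgia\Local Settings\Temp;Adware.TVMedia;Incurable.Moved.;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Incurable.Moved.;
jvr.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Vqten;Deleted.;
A0111723.sys;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP301;Trojan.Spambot;Deleted.;
"""

PROFILE_RE = re.compile(r"^[a-z]:\\documents and settings\\([^\\]+)", re.IGNORECASE)
VARIANT_RE = re.compile(r"\.\d+$")  # trailing variant number, e.g. ".19433"
HEURISTIC_PREFIX = "Probably "      # prefix seen on heuristic hits in the report


def parse_report(text):
    """Parse 'file;folder;detection;action;' lines. Returns (rows, skipped)."""
    rows, skipped = [], 0
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for fields in reader:
        fields = [f.strip() for f in fields]
        if not any(fields):
            continue  # blank line
        if len(fields) < 4 or not all(fields[:4]):
            skipped += 1  # truncated or hand-edited line: count it, do not guess
            continue
        name, folder, detection, action = fields[:4]
        rows.append({"file": name, "folder": folder,
                     "detection": detection, "action": action})
    return rows, skipped


def family(detection):
    """Detection name without the heuristic prefix and variant number."""
    if detection.startswith(HEURISTIC_PREFIX):
        detection = detection[len(HEURISTIC_PREFIX):]
    return VARIANT_RE.sub("", detection)


def classify_location(folder):
    """Bucket a folder so inert copies are not confused with live files."""
    low = folder.lower()
    if "\\system volume information\\_restore" in low:
        return "system_restore"    # copy held inside a restore point
    if "\\qoobox\\quarantine" in low:
        return "tool_quarantine"   # already-quarantined .vir copy
    if low.endswith("\\temp") or "\\temp\\" in low:
        return "temp"
    return "live"


def triage(rows):
    """Summarise the report and list the entries that need a second look."""
    profiles, followup = set(), []
    for r in rows:
        match = PROFILE_RE.match(r["folder"])
        if match:
            profiles.add(match.group(1))
        reasons = []
        if r["action"] != "Deleted.":
            reasons.append("action was " + r["action"])
        if r["detection"].startswith(HEURISTIC_PREFIX):
            reasons.append("heuristic detection, verify before removal")
        if reasons:
            followup.append({"file": r["file"], "folder": r["folder"],
                             "reasons": reasons})
    return {
        "families": Counter(family(r["detection"]) for r in rows),
        "locations": Counter(classify_location(r["folder"]) for r in rows),
        "profiles": profiles,
        "followup": followup,
    }


if __name__ == "__main__":
    parsed, bad = parse_report(SAMPLE_REPORT)
    summary = triage(parsed)
    print("rows:", len(parsed), "skipped:", bad)
    print("families:", dict(summary["families"]))
    print("locations:", dict(summary["locations"]))
    print("user profiles touched:", sorted(summary["profiles"]))
    for item in summary["followup"]:
        print("FOLLOW UP:", item["file"], "in", item["folder"], "-",
              "; ".join(item["reasons"]))
```
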

#7 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts

Posted 10 June 2007 - 06:10 PM

That scan took so long!! I'm not sure if it shows this in the log, but there were also two suspected trojans which I don't think it deleted, but I think that one of them was legit. Also, my computer is now booting faster than before, but the mcafee message still comes upon logging on, which means it's not protecting my computer. :thumbsup:

Edited by gossipgirl, 10 June 2007 - 06:11 PM.


#8 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male

Posted 11 June 2007 - 09:30 AM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Download xplogon.reg to your desktop.
Locate and double-click xplogon.reg.
Note: You will be prompted to confirm this action. Please accept the import when prompted.
Reboot the computer.

(see if the McAfee error is gone now!)

Step #2

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.


#9 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts

Posted 11 June 2007 - 12:46 PM

Will running the xplogon.reg thing uninstall my mcafee virus software or just get rid of the error? I only want to get rid of the error! Thanks again. :thumbsup:

#10 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male

Posted 11 June 2007 - 01:20 PM

According to McAfee it fixes the error.. they can't even uninstall your AV via a registry file! So don't be worried!

#11 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts

Posted 11 June 2007 - 10:14 PM

Incident Status Location

Spyware:spyware/whazit Not disinfected c:\windows\system32\fiz1
Adware:adware/clickalchemy Not disinfected c:\windows\inf\alchem.inf
Adware:adware/ipinsight Not disinfected c:\windows\inf\conscorr.inf
Virus:vbs/psyme.gen Not disinfected Operating system
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Gwen\Application Data\tvmknwrd.dll
Adware:adware/downloadware Not disinfected c:\windows\Digital Signature 20041004.htm
Adware:adware/ncase Not disinfected c:\windows\system32\FLEOK
Adware:adware/popper Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Chris\Cookies\chris@2o7[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Chris\Cookies\chris@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Chris\Cookies\chris@doubleclick[1].txt
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Georgia\Application Data\Sun\Java\Deployment\cache\6.0\16\1afaf450-43aa1e4c[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Georgia\Application Data\Sun\Java\Deployment\cache\6.0\16\1afaf450-43aa1e4c[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Georgia\Application Data\Sun\Java\Deployment\cache\6.0\16\1afaf450-43aa1e4c[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Georgia\Application Data\Sun\Java\Deployment\cache\6.0\16\1afaf450-43aa1e4c[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Georgia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6ceac608-317e24f2.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Georgia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6ceac608-317e24f2.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Georgia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6ceac608-317e24f2.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Georgia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6ceac608-317e24f2.zip[Beyond.class]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@888[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@adopt.hbmediapro[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@ads.addynamix[2].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@ads.gorillanation[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@advertising[1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@adviva[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@anm.co[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@as-eu.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@atdmt[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@atwola[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@belnk[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@bfast[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@bravenet[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@burstnet[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@c.fsx[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@c2.gostats[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@ccbill[2].txt
Spyware:Cookie/Centralmedia Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@centralmedia[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@cgi-bin[5].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@clickbank[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@counter.hitslink[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@ct.360i[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@dist.belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@drivecleaner[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@ehg-dig.hitbox[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@ehg.hitbox[2].txt
Spyware:Cookie/empnads Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@empnads[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@errorsafe[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@fastclick[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@fe.lea.lycos[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@fe.lea.lycos[3].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@fortunecity[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@go.drivecleaner[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@go.winantispyware[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@i.screensavers[1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@kount[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@landing.domainsponsor[1].txt
Spyware:Cookie/Diglnk Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@mbop[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@mediaplex[1].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@mmm.media-motor[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@offeroptimizer[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@perf.overture[1].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@pop.mircx[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@revenue[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@rightmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@rn11[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@serving-sys[1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@smni[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@stats1.reliablestats[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@statse.webtrendslive[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@systemdoctor[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@targetnet[1].txt
Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@targetsaver[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@target[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@terra.com[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@winantivirus[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@winfixer[1].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@www.advnt01[2].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@www.affiliatefuel[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@www.burstbeacon[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@www.errorsafe[1].txt
Spyware:Cookie/TopRebates.com Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@www.toprebates[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@www.winantivirus[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Georgia\Cookies\georgia@zedo[2].txt
Virus:Generic Trojan Disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\16C.tmp
Virus:Generic Trojan Disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\16E.tmp
Virus:Generic Trojan Disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\16F.tmp
Virus:Generic Trojan Disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\181.tmp
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\conscorr.ini
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@888[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@888[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@atwola[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@cgi-bin[5].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@errorsafe[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@i.screensavers[2].txt
Spyware:Cookie/Diglnk Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@mbop[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@stats.drivecleaner[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@www.advnt01[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@www.errorsafe[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@xiti[1].txt
Virus:Trj/Qhost.U Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\II22.exe[host.exe]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\II22.exe[abetterinternet.exe]
Adware:Adware/Mytoolbar Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\mc-110-12-0000103.exe
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\mit111.tmp[NNBar_VCSetup_876075.exe]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\mit111.tmp.cab[NNBar_VCSetup_876075.exe]
Spyware:Spyware/Media-motor Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\mma.chm[/alien.cab][amm06.ocx]
Spyware:Spyware/Media-motor Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\mma.chm[/joysavsht.cab][amm06.ocx]
Adware:Adware/LocalNRD Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\THI7AFB.tmp\localNrd.inf
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\Documents and Settings\Georgia\Local Settings\Temp\winfix.chm[/SystemDoctor2006FreeInstall.cab][USDR6_0001_D08M0404NetInstaller.exe]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@advertising[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@anm.co[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@atwola[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@casalemedia[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@cgi-bin[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@fastclick[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@gostats[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@questionmarket[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@serving-sys[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@tribalfusion[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Gwen\Cookies\gwen@xiti[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Gwen\Desktop\Other\ComboFix.exe[nircmd.exe]
Adware:Adware/TVMedia Not disinfected C:\Documents and Settings\Gwen\DoctorWeb\Quarantine\tvmupdater.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@atdmt[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@casalemedia[2].txt
Spyware:Cookie/Centralmedia Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@centralmedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@doubleclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@go[1].txt
Spyware:Cookie/Diglnk Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@mbop[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@offeroptimizer[2].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@smni[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@tribalfusion[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Yvonne\Cookies\yvonne@xmts[1].txt
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Yvonne\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Yvonne\Local Settings\Temp\conscorr.ini
Virus:Trj/Qhost.T Not disinfected C:\Documents and Settings\Yvonne\Local Settings\Temp\II22.exe[host.exe]
Adware:Adware/MyDailyHoroscope Not disinfected C:\Documents and Settings\Yvonne\Local Settings\Temp\II22.exe[setup_silent_26222.exe]
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Yvonne\Local Settings\Temp\II22.exe[abetterinternet.exe]
Virus:Trj/Downloader.AEE Disinfected C:\Program Files\HijackThis\backups\backup-20060829-192937-693.inf
Hacktool:Rootkit/Spammer.ZX Not disinfected C:\QooBox\Quarantine\catchme2007-06-10_162812.54.zip[kprof]
Virus:Trj/Spammer.ZX Disinfected C:\QooBox\Quarantine\catchme2007-06-10_162812.54.zip[koos.exe]
Hacktool:Rootkit/Spammer.ZX Not disinfected C:\QooBox\Quarantine\catchme2007-06-10_162812.54.zip[poof]
Virus:Trj/Metanu.A Disinfected C:\QooBox\Quarantine\WINDOWS\SYSTEM32\tmp4.tmp.dll.vir
Virus:Generic Trojan Disinfected C:\VundoFix Backups\LXBEng.dll.bad
Virus:Trj/Metanu.A Disinfected C:\VundoFix Backups\tmp42.tmp.dll.bad
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Virus:Trj/Qhost.B Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20040321-175643.backup





VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.3

Scan started at 11:35:06 PM 28/08/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 10:31:35 PM 05/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\tmp42.tmp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\LXBEng.dll
C:\WINDOWS\SYSTEM32\LXBEng.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp42.tmp.dll
C:\WINDOWS\system32\tmp42.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 9:26:47 PM 11/06/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...




Logfile of HijackThis v1.99.1
Scan saved at 11:09:29 PM, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.sympatico.msn.ca/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE2EB50-9EAB-4076-9F69-17C7C8BC3FE8}: NameServer = 207.164.234.193 67.69.184.143
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#12 gossipgirl

Posted 11 June 2007 - 10:15 PM

Unfortunately, that didn't fix the McAfee error. :thumbsup: Oh and btw, for the VundoFix log, the first two things listed are from a long time ago, just in case you don't notice the dates. When I ran it tonight, nothing was found.

#13 didom

didom

  • Members
  • 1,389 posts

Posted 12 June 2007 - 02:53 AM

Download Combofix to your desktop.
Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

#14 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts

Posted 12 June 2007 - 08:27 AM

ComboFix 07-06-11 - C:\Documents and Settings\Gwen\Desktop\Other\ComboFix.exe
"Gwen" - 2007-06-12 9:16:05 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))


2007-06-11 21:30 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-06-10 16:54 <DIR> d-------- C:\DOCUME~1\Gwen\DoctorWeb
2007-06-10 16:19 49,152 --a------ C:\WINDOWS\nircmd.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-12 02:54:32 -------- d-----w C:\Program Files\QuickTime
2007-06-12 02:48:28 -------- d-----w C:\Program Files\MSN Messenger
2007-06-12 02:43:33 -------- d-----w C:\Program Files\Lexmark X5100 Series
2007-06-10 22:59:47 -------- d-----w C:\Program Files\Common Files\Motive
2007-05-19 16:31:35 -------- d-----w C:\Program Files\LimeWire
2007-05-15 20:19:05 1,149 ----a-w C:\WINDOWS\eReg.dat
2007-05-15 20:16:53 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-15 20:16:43 -------- d-----w C:\Program Files\EA GAMES


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-03-28 18:20]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-04 18:25]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-02 13:35]
"POINTER"="point32.exe" []
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-06-02 21:49]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-03-21 12:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 15:37]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER


Contents of the 'Scheduled Tasks' folder
2007-06-05 21:45:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2003-06-06 20:35:43 C:\WINDOWS\tasks\ISP signup reminder 1.job
2003-06-06 20:35:43 C:\WINDOWS\tasks\ISP signup reminder 2.job
2003-06-06 20:35:43 C:\WINDOWS\tasks\ISP signup reminder 3.job
2007-06-12 13:19:00 C:\WINDOWS\tasks\McAfee.com Update Check (D8VQYV21-Owner).job
2007-06-12 13:17:00 C:\WINDOWS\tasks\McAfee.com Update Check (D-C).job
2007-06-12 13:19:00 C:\WINDOWS\tasks\McAfee.com Update Check (D-G).job
2007-06-12 13:19:00 C:\WINDOWS\tasks\McAfee.com Update Check (D-G).job
2007-06-12 13:21:00 C:\WINDOWS\tasks\McAfee.com Update Check (D-Y).job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-12 09:20:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-12 9:21:27
C:\ComboFix-quarantined-files.txt ... 2007-06-12 09:21
C:\ComboFix2.txt ... 2007-06-10 16:33
C:\ComboFix3.txt ... 2007-04-06 01:31

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 9:23:06 AM, on 12/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE2EB50-9EAB-4076-9F69-17C7C8BC3FE8}: NameServer = 207.164.234.193 67.69.184.143
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by gossipgirl, 12 June 2007 - 08:28 AM.


#15 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts

Posted 14 June 2007 - 10:30 AM

Hi. :thumbsup: Unfortunately, I saw your reply yesterday, and was going to follow the steps today, but if you read the message at the top of the forum, the reply is now gone. Could you possibly repost it? Thank you very much!!



