Live Chat & Podcast Sunday at 12:00PM Eastern!
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
Malware Removal & HijackThis Logs
Tag Cloud
acer audio bios boot bsod computer connection crash dell driver drivers error firefox format freeze hard drive hardware install internet keyboard laptop linksys macro malware network networking outlook outlook 2003 outlook 2007 password problem realtek recovery redirect router server slow toshiba trojan usb video virus vista vpn windows windows 7 windows vista windows xp wireless youtube
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Solved: WinAble?? popups and limewire gone crazy! (New)

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
Page 3 of 4 12 3 4
 
Thread Tools
=bEC$='s Avatar
Member with 82 posts.
  
Join Date: Jul 2006
21-Nov-2007, 05:07 PM #31
Well before there was only mine, but i must have created a second one awhile ago called administrator somehow because there are 2.

It has been there for awhile though, im sure i created it when i was trying to get rid of a 'zlob trojan' awhile back

However it only shows in safe mode, when i put the computer on standby and have to click on a username to sign back in, only mine is there, but when i start computer in safe mode, theres administrator and my name.

**i just went in and checked user accounts under the control panel and it only shows mine and guest, guest is turned off.

under my name it says 'computer administrator'
Last edited by =bEC$= : 21-Nov-2007 05:48 PM. Reason: more info
Register for free to hide this ad!
Cookiegal's Avatar
Administrator with 65,424 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
22-Nov-2007, 11:58 AM #32
ComboFix has been updated and is available again so please remove the one you have and redownload it.

Download ComboFix and save it to your desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall**
__________________
Microsoft MVP - Consumer Security
=bEC$='s Avatar
Member with 82 posts.
  
Join Date: Jul 2006
22-Nov-2007, 06:31 PM #33
ComboFix 07-11-19.3 - Rebecca 2007-11-23 11:15:09.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.143 [GMT 11:00]
Running from: C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.

2007-11-21 08:28 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-17 14:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-16 21:06 0 --a------ C:\WINDOWS\system32\asfiles.txt
2007-11-16 20:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-16 08:13 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-16 08:13 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-16 08:13 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-16 04:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 18:45 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-15 18:39 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 12:38 --------- d-----w C:\Program Files\Windows Defender
2007-11-20 12:37 --------- d-----w C:\Program Files\Multimedia Card Reader
2007-11-20 12:35 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-11-20 12:33 --------- d-----w C:\Program Files\iTunes
2007-11-20 12:32 --------- d-----w C:\Program Files\Google
2007-11-20 12:32 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-11-16 17:19 22 ----a-w C:\WINDOWS\Fonts\a.zip
2007-11-16 16:02 --------- d-----w C:\Program Files\QuickTime
2007-11-16 16:02 --------- d-----w C:\Program Files\MSN Messenger
2007-11-15 21:33 3,438 ----a-w C:\WINDOWS\system32\tmp.reg
2007-11-15 09:47 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Skype
2007-11-15 07:52 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\NCH Swift Sound
2007-11-15 07:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-15 07:43 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\SlipStream
2007-11-15 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-10-02 02:29 1,837 -c--a-w C:\Program Files\DirectX.ini
2006-05-30 13:49 1,124,419 ----a-w C:\Documents and Settings\various installers\wrar34b4.zip
2001-05-10 00:04 162,304 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 03:24]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe" [2005-02-26 11:28]
"System Mechanic Startup Guard"="C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 00:01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 06:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-11 10:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 20:09 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 04:03]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 01:43]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-06-23 12:13]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-07-07 14:24]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 21:06]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 20:40 C:\WINDOWS\sm56hlpr.exe]
"SlipStream"="C:\Program Files\Dodo Speed Accelerator\slipcore.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-15 11:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 14:45]

R3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys
S3 SGUARD;SGUARD;\??\C:\WINDOWS\system32\drivers\SGuard.sys
S3 SunkFilt62;Alcor Micro Corp - 6362;\??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 20:29:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 11:16:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-23 11:17:45
C:\ComboFix2.txt ... 2007-11-18 09:23
C:\ComboFix3.txt ... 2007-11-17 17:22
.
--- E O F ---
=bEC$='s Avatar
Member with 82 posts.
  
Join Date: Jul 2006
22-Nov-2007, 06:33 PM #34
also the anti virus im using is avast, would you reccomend i keep it or switch to a different one?
Cookiegal's Avatar
Administrator with 65,424 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
23-Nov-2007, 01:50 PM #35
Open Notepad and copy and paste the text in the quote box below into it:

Quote:
File::
C:\WINDOWS\Fonts\a.zip
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
__________________
Microsoft MVP - Consumer Security
=bEC$='s Avatar
Member with 82 posts.
  
Join Date: Jul 2006
23-Nov-2007, 05:17 PM #36
ComboFix 07-11-19.3 - Rebecca 2007-11-24 10:05:49.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.157 [GMT 11:00]
Running from: C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rebecca\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\Fonts\a.zip
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\a.zip

.
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.

2007-11-21 08:28 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-17 14:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-16 21:06 0 --a------ C:\WINDOWS\system32\asfiles.txt
2007-11-16 04:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 18:45 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-15 18:39 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 22:56 --------- d-----w C:\Program Files\Java
2007-11-20 12:38 --------- d-----w C:\Program Files\Windows Defender
2007-11-20 12:37 --------- d-----w C:\Program Files\Multimedia Card Reader
2007-11-20 12:35 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-11-20 12:33 --------- d-----w C:\Program Files\iTunes
2007-11-20 12:32 --------- d-----w C:\Program Files\Google
2007-11-20 12:32 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-11-16 16:02 --------- d-----w C:\Program Files\QuickTime
2007-11-16 16:02 --------- d-----w C:\Program Files\MSN Messenger
2007-11-15 21:33 3,438 ----a-w C:\WINDOWS\system32\tmp.reg
2007-11-15 09:47 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\Skype
2007-11-15 07:52 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\NCH Swift Sound
2007-11-15 07:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-15 07:43 --------- d-----w C:\Documents and Settings\Rebecca\Application Data\SlipStream
2007-11-15 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-03 12:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-05 12:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2006-10-02 02:29 1,837 -c--a-w C:\Program Files\DirectX.ini
2006-05-30 13:49 1,124,419 ----a-w C:\Documents and Settings\various installers\wrar34b4.zip
2001-05-10 00:04 162,304 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2007-11-23_11.16.43.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-07-25 15:25:56 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 11:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-07-25 15:26:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 11:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-07-25 17:03:16 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 12:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-11-23 23:01:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 03:24]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe" [2005-02-26 11:28]
"System Mechanic Startup Guard"="C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 00:01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 06:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-11 10:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 20:09 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 01:43]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-06-23 12:13]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-07-07 14:24]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 21:06]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 20:40 C:\WINDOWS\sm56hlpr.exe]
"SlipStream"="C:\Program Files\Dodo Speed Accelerator\slipcore.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-15 11:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 14:45]

R3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys
S3 SGUARD;SGUARD;\??\C:\WINDOWS\system32\drivers\SGuard.sys
S3 SunkFilt62;Alcor Micro Corp - 6362;\??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 23:03:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 10:07:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-24 10:09:07
C:\ComboFix2.txt ... 2007-11-23 11:17
C:\ComboFix3.txt ... 2007-11-18 09:23
.
--- E O F ---






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:49 AM, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Dodo Speed Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rebecca\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by118fd.bay118.hotmail.msn.co...x/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D04817F-6E1F-4C84-BE30-473F0A7698FD}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{52673C3A-A9ED-47AB-830A-407603036CFC}: Domain = nsw.bigpond.net.au
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 8953 bytes
Cookiegal's Avatar
Administrator with 65,424 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
23-Nov-2007, 05:31 PM #37
Can you tell me anything about this zip file?

C:\Documents and Settings\various installers\wrar34b4.zip

I assume the various installers folder is one you created yourself so do you know what that particular zip file is?
=bEC$='s Avatar
Member with 82 posts.
  
Join Date: Jul 2006
23-Nov-2007, 07:07 PM #38
Various installers are the installation programs for things like, quicktime, itunes etc.
I made it after i deleted nero trying to fix my cd drive, and couldnt re install it until i got a new cd drive. So i figured if i saved my installer files in one folder it would make life easier instead of having to re-download everything, as i was on dial up at the time.

Its the installation file for win rar, a friend sent to me, i think it was the limited trial version though, he said it would do the job, but it wasnt the full program.
Everytime i open winrar it tells me its shareware and it needs to be registered for full version.

Is it whats causing the problem?
Cookiegal's Avatar
Administrator with 65,424 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
24-Nov-2007, 10:35 AM #39
No, that file would not be a problem. I just wanted to check to be sure that's what it was.


I'm attaching a Fix bEC.zip file. Save it to your desktop. Unzip it and double click the bEC.reg file and allow it to enter the registry.


Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    • If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.


I see you already have Ewido but it's been replaced by AVG Anti-Spyware so please remove Ewido via the Control Panel and then proceed with the following:

Download and install AVG Anti-Spyware v7.5. Note to AVG Free anti-virus program users only: This is not the same program as the one you already have, this is an anti-spyware program so please proceed with the instructions.
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update".
    Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan? ", "Possibly unwanted software", and What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the :Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Reboot to Windows normally and post the results of the AVG Anti-Spyware scan along with a new HijackThis log and the results of a new Panda scan (do the Panda scan last). please.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log.
__________________
Microsoft MVP - Consumer Security
=bEC$='s Avatar
Member with 82 posts.
  
Join Date: Jul 2006
24-Nov-2007, 11:37 PM #40
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:28:38 PM 25/11/2007

+ Scan result:



Nothing found.



::Report end




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:43 PM, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Dodo Speed Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rebecca\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by118fd.bay118.hotmail.msn.co...x/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D04817F-6E1F-4C84-BE30-473F0A7698FD}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{52673C3A-A9ED-47AB-830A-407603036CFC}: Domain = nsw.bigpond.net.au
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 9104 bytes





Incident Status Location

Adware:adware/oemji Not disinfected Windows Registry
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Rebecca\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rebecca\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rebecca\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Rebecca\Desktop\SmitfraudFix\restart.exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Rebecca\Desktop\WinPFind3u\MovedFiles\WINDOWS\mrofinu1000106.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Rebecca\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\fxjmqnny.dl l
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Rebecca\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\tlpvhwac.ex e
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
=bEC$='s Avatar
Member with 82 posts.
  
Join Date: Jul 2006
24-Nov-2007, 11:38 PM #41
also, after reading more in here, ive started looking at task manager, sometimes cpu run at 100% and things run slow, also its running 47 proceses!
Cookiegal's Avatar
Administrator with 65,424 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
25-Nov-2007, 10:55 AM #42
As you saying that the TaskManager process itself (taskmgr.exe) is using 100% of the cpu? If not, what process is?
=bEC$='s Avatar
Member with 82 posts.
  
Join Date: Jul 2006
25-Nov-2007, 04:14 PM #43
When i click on task manager to open it (right click in tray) it jumps to 100% in the cpu tab, then goes back down.

Before, it was running at 100% in the cpu tab constantly, but i didnt check the processes, i restarted and it was ok.

I was reading that 20-30 processes was ok, i just thought 47 was a bit high, thats all.

The page file usage is around 275 mb, if that means anything.
=bEC$='s Avatar
Member with 82 posts.
  
Join Date: Jul 2006
25-Nov-2007, 04:16 PM #44
its also running 7 svchost.exe, 2 are local service, 2 are system, and the rest are network.

also, when open my email (hotmail) it says windows firewall is blocking msn and should it keep blocking, i click on keep blocking.

**it just happened again, i checked processes and it was iexplore that was using 99%, i ended it, the explorer window closed and it went back to normal.
i was changing from my home page (bigpond) to here when it happened**
Last edited by =bEC$= : 26-Nov-2007 07:33 AM.
Cookiegal's Avatar
Administrator with 65,424 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
26-Nov-2007, 10:22 AM #45
I'm attaching FixbEC2.zip. Save it to your desktop. Unzip it and double-click the FixbEC2.reg file and allow it to enter into the registry. That should fix the Hotmail problem. If you want to access Hotmail, you can't block MSN.

Multiple svchost.exe files is normal.

Let me know how things are after you run the regfix and reboot the machine.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log.
__________________
Microsoft MVP - Consumer Security
Closed Thread Bookmark and Share   techguy.org/652411
Page 3 of 4 12 3 4

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!


« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 04:48 AM.
Copyright © 1996 - 2010 TechGuy, Inc. All rights reserved.
 Powered by Cermak Technologies, Inc.