1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Cox Virus Scan Problem

Discussion in 'Virus & Other Malware Removal' started by BigRC, Dec 17, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. BigRC

    BigRC Thread Starter

    Joined:
    Dec 17, 2006
    Messages:
    48
    Hi all: I am using XP and IE7. Computer slowing down and a lot of lag when gaming. I have be watching the task manager and noticed that the syssvcnt.exe (associated with the Cox virus scan package) seems to be bleeding off my memory. I watch the CPU and Memory Usage readings and My available memory numbers bleed down as the memory usage numbers for the syssvcnt.exe increase. The gauge that shows the page file usage also increases as long as I have the virus scan enabled. Starts at approx. 270k after reboot and climbs to over 1gig after a few hours. Is this normal? I also notice a cpu usage spike that jumps to 60 or 70 percent about every 5 minutes. This happens with or without the virus scan enabled. I think this causes a lot of the lag I'm getting while gaming. What could be causing that? I am attaching a HijackThis log. Hope you can help.
    Thanks, BigRC

    Logfile of HijackThis v1.99.1
    Scan saved at 9:26:21 PM, on 12/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Cox\Applications\App\syssvcnt.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ESP] C:\Program Files\Cox\Applications\app\start.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
    O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - C:\Program Files\Cox\Applications\App\syssvcnt.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    Hi and welcome to TSG,

    We are sorry your thread got overlooked. Do you still require assistance with this? If so please post a new HijackThis log and I will be happy to assist. :)
     
  3. BigRC

    BigRC Thread Starter

    Joined:
    Dec 17, 2006
    Messages:
    48
    Hope you can help. Here is the latest log.
    Logfile of HijackThis v1.99.1
    Scan saved at 5:43:08 PM, on 12/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Cox\Applications\App\syssvcnt.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Cox\Applications\App\Console.exe
    C:\Documents and Settings\Owner\My Documents\Misc. Stuff\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ESP] C:\Program Files\Cox\Applications\app\start.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
    O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - C:\Program Files\Cox\Applications\App\syssvcnt.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
     
  5. BigRC

    BigRC Thread Starter

    Joined:
    Dec 17, 2006
    Messages:
    48
    I downloaded and ran vundofix. It hung up at file updspapi.dll twice, so I shut down the cox security suite and it seemed to run OK and scanned pass the updspapi.dll file, until the screen went black. I waited 30minutes and had to reboot. What now?
    Thanks, Rex
    Merry Christmas!!
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    Download WinPFind.exe to your desktop and double click on it open it and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

    Start in Safe Mode Using the F8 method:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.

    Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.

    • Click “Configure scan options”
    • Under “Run AdOns” select the following:
      • Policies.def
      • Security.def
    • Click “apply”
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log.
     
  7. BigRC

    BigRC Thread Starter

    Joined:
    Dec 17, 2006
    Messages:
    48
    Sorry for all the trouble, but having more problems. I followed your instructions and started the scan. Left the room for about 15 minutes and returned to a blank screen. Rebooted in safemode again and ran scan over. It scanned until it reached this file:
    pec2 7/11/1997 163384 C:\windows\system 32\ODBCJET.HLP ( )
    The computer locked up. Could not move hour glass. HD light out.
    Rebooted normally. No WinPFind.txt file in the folder. What now?
    Rex:(
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    Can you try running it in normal mode then.
     
  9. BigRC

    BigRC Thread Starter

    Joined:
    Dec 17, 2006
    Messages:
    48
    Hi CookieGal: Tried again in Normal mode. Ran to same file and went black. Had to reboot.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    Download ComboFix to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
    Note: Do not mouseclick combofix's window while it's running as that may cause it to stall
     
  11. BigRC

    BigRC Thread Starter

    Joined:
    Dec 17, 2006
    Messages:
    48
    During scan a windows - No Disk window came up and HD stopped a few seconds later. waited a couple of minutes and pressed the cancel but the window kept coming back. Drug the window out of the Combofix window and hit cancel and it went away and the HD light started again. It finished scan and made log. Here it is.
    Owner - 06-12-26 21:36:25.04 Service Pack 2
    ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Owner\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-26 to 2006-12-26 ))))))))))))))))))))))))))))))))))


    2006-12-25 11:40 <DIR> d-------- C:\VundoFix Backups
    2006-12-24 17:03 <DIR> d--hs---- C:\Config.Msi
    2006-12-17 21:21 <DIR> d-------- C:\Program Files\HijackThis
    2006-12-17 21:10 <DIR> d-------- C:\Program Files\Common Files\Java
    2006-12-14 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2006-12-11 19:25 <DIR> dr-h----- C:\Documents and Settings\Owner\Recent
    2006-12-11 16:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nova Development
    2006-12-11 16:34 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2006-12-11 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nova Development
    2006-12-11 08:33 79,336 --a------ C:\WINDOWS\system32\wscapi.dll
    2006-12-11 07:24 36,864 --a------ C:\WINDOWS\system32\drivers\GRTdiMon.sys
    2006-11-30 20:13 44,875 --a------ C:\WINDOWS\system32\IPrtCnst.dll
    2006-11-30 20:13 13,891 --a------ C:\WINDOWS\system32\drivers\IdeBusDr.sys
    2006-11-30 20:13 101,431 --a------ C:\WINDOWS\system32\drivers\IdeChnDr.sys
    2006-11-30 20:13 <DIR> d-------- C:\Program Files\Intel
    2006-11-30 05:40 150,016 --a------ C:\WINDOWS\system32\Unzip32.dll
    2006-11-30 05:40 <DIR> d-------- C:\Program Files\Camtech


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-25 19:30 -------- d-------- C:\Documents and Settings\Owner\Application Data\teamspeak2
    2006-12-24 17:06 -------- d-------- C:\Program Files\Common Files\PestPatrol
    2006-12-24 17:05 -------- d-------- C:\Program Files\Common Files\Command Software
    2006-12-18 11:51 3887 --a------ C:\WINDOWS\viassary-hp.reg
    2006-12-17 21:10 -------- d-------- C:\Program Files\Java
    2006-12-17 21:10 -------- d-------- C:\Program Files\Common Files
    2006-12-17 21:08 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-12-14 18:08 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
    2006-12-14 03:00 -------- d-------- C:\Program Files\Outlook Express
    2006-12-14 03:00 -------- d-------- C:\Program Files\Common Files\System
    2006-12-11 18:46 -------- d-------- C:\Program Files\Microsoft Works
    2006-12-11 16:34 -------- d-------- C:\Program Files\Nova Development
    2006-12-10 10:26 -------- d-------- C:\Program Files\PrintMaster 16
    2006-12-10 10:25 -------- d-------- C:\Program Files\Common Files\Broderbund
    2006-12-10 10:20 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
    2006-12-07 00:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-17 13:27 -------- d-------- C:\Program Files\IncrediMail
    2006-11-14 20:33 -------- d-------- C:\Program Files\MSXML 4.0
    2006-11-14 16:48 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 16:34 -------- d-------- C:\Program Files\Common Files\Authentium Shared
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-27 16:06 -------- d-------- C:\Program Files\Cox
    2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-06 15:19 189984 --a------ C:\WINDOWS\system32\grfilter.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "RecordNow!"=""
    "BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
    "MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
    "Start WingMan Profiler"=""
    "LDM"="\\Program\\BackWeb-8876480.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
    "HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
    "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
    "AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "VTTimer"="VTTimer.exe"
    "LTMSG"="LTMSG.exe 7"
    "Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
    "Logitech Utility"="Logi_MwX.Exe"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "AlcxMonitor"="ALCXMNTR.EXE"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "KBD"="C:\\HP\\KBD\\KBD.EXE"
    "ESP"="C:\\Program Files\\Cox\\Applications\\app\\start.exe"
    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000002

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,68,03,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,68,03,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    Completion time: 06-12-26 21:43:07.09
    C:\ComboFix.txt ... 06-12-26 21:43

    Will make another post with the HiJackThis log.
    Thanks, Rex
     
  12. BigRC

    BigRC Thread Starter

    Joined:
    Dec 17, 2006
    Messages:
    48
    Owner - 06-12-26 21:36:25.04 Service Pack 2
    ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Owner\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-26 to 2006-12-26 ))))))))))))))))))))))))))))))))))


    2006-12-25 11:40 <DIR> d-------- C:\VundoFix Backups
    2006-12-24 17:03 <DIR> d--hs---- C:\Config.Msi
    2006-12-17 21:21 <DIR> d-------- C:\Program Files\HijackThis
    2006-12-17 21:10 <DIR> d-------- C:\Program Files\Common Files\Java
    2006-12-14 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2006-12-11 19:25 <DIR> dr-h----- C:\Documents and Settings\Owner\Recent
    2006-12-11 16:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nova Development
    2006-12-11 16:34 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2006-12-11 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nova Development
    2006-12-11 08:33 79,336 --a------ C:\WINDOWS\system32\wscapi.dll
    2006-12-11 07:24 36,864 --a------ C:\WINDOWS\system32\drivers\GRTdiMon.sys
    2006-11-30 20:13 44,875 --a------ C:\WINDOWS\system32\IPrtCnst.dll
    2006-11-30 20:13 13,891 --a------ C:\WINDOWS\system32\drivers\IdeBusDr.sys
    2006-11-30 20:13 101,431 --a------ C:\WINDOWS\system32\drivers\IdeChnDr.sys
    2006-11-30 20:13 <DIR> d-------- C:\Program Files\Intel
    2006-11-30 05:40 150,016 --a------ C:\WINDOWS\system32\Unzip32.dll
    2006-11-30 05:40 <DIR> d-------- C:\Program Files\Camtech


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-25 19:30 -------- d-------- C:\Documents and Settings\Owner\Application Data\teamspeak2
    2006-12-24 17:06 -------- d-------- C:\Program Files\Common Files\PestPatrol
    2006-12-24 17:05 -------- d-------- C:\Program Files\Common Files\Command Software
    2006-12-18 11:51 3887 --a------ C:\WINDOWS\viassary-hp.reg
    2006-12-17 21:10 -------- d-------- C:\Program Files\Java
    2006-12-17 21:10 -------- d-------- C:\Program Files\Common Files
    2006-12-17 21:08 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-12-14 18:08 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
    2006-12-14 03:00 -------- d-------- C:\Program Files\Outlook Express
    2006-12-14 03:00 -------- d-------- C:\Program Files\Common Files\System
    2006-12-11 18:46 -------- d-------- C:\Program Files\Microsoft Works
    2006-12-11 16:34 -------- d-------- C:\Program Files\Nova Development
    2006-12-10 10:26 -------- d-------- C:\Program Files\PrintMaster 16
    2006-12-10 10:25 -------- d-------- C:\Program Files\Common Files\Broderbund
    2006-12-10 10:20 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
    2006-12-07 00:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-17 13:27 -------- d-------- C:\Program Files\IncrediMail
    2006-11-14 20:33 -------- d-------- C:\Program Files\MSXML 4.0
    2006-11-14 16:48 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 16:34 -------- d-------- C:\Program Files\Common Files\Authentium Shared
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-27 16:06 -------- d-------- C:\Program Files\Cox
    2006-10-19 07:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-06 15:19 189984 --a------ C:\WINDOWS\system32\grfilter.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "RecordNow!"=""
    "BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
    "MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
    "Start WingMan Profiler"=""
    "LDM"="\\Program\\BackWeb-8876480.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
    "HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
    "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
    "AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "VTTimer"="VTTimer.exe"
    "LTMSG"="LTMSG.exe 7"
    "Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
    "Logitech Utility"="Logi_MwX.Exe"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "AlcxMonitor"="ALCXMNTR.EXE"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "KBD"="C:\\HP\\KBD\\KBD.EXE"
    "ESP"="C:\\Program Files\\Cox\\Applications\\app\\start.exe"
    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000002

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,68,03,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,68,03,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

    Completion time: 06-12-26 21:43:07.09
    C:\ComboFix.txt ... 06-12-26 21:43


    Thanks again for all your help and patience. Rex
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    Download AVG Anti-Spyware from HERE and save that file to your desktop.

    When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
    2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
    1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG will now begin the scanning process. Please be patient as this may take a little time.
      Once the scan is complete, do the following:
    5. If you have any infections you will be prompted. Then select "Apply all actions."
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • You need to use IE to run this scan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
     
  14. BigRC

    BigRC Thread Starter

    Joined:
    Dec 17, 2006
    Messages:
    48
    AVG updates, gives me a "server down please try again later" message. I have been waiting a couple of hours. Is this normal?
    Thanks, Rex:cool:
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    I justed updated mine with no problems. Can you try again please?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/527543

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice