
Help.....pleeeeease

Discussion in 'Virus & Other Malware Removal' started by cardlady47, Jan 30, 2007.

Thread Status:
Not open for further replies.
  1. cardlady47

    cardlady47 Thread Starter

    Joined:
    Oct 31, 2004
    Messages:
    121
    I posted a thread on January 22 with a HJT log, and nobody has looked at it or answered me yet. Can someone please take a look?
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, cardlady47 :)

    The log you previously posted shows no sign of malware.

    Let's take a deeper look:

    Download ComboFix from Here or Here to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  3. cardlady47

    cardlady47 Thread Starter

    Joined:
    Oct 31, 2004
    Messages:
    121
    Here is the ComboFix log:
    "Administrator" - 07-01-30 22:35:08 Service Pack 2
    ComboFix 07.01.30 - Running from: "C:\download"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\INSTALL.LOG


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-30 to 2007-01-30 ))))))))))))))))))))))))))))))))))


    2007-01-30 18:06 <DIR> d-------- C:\Program Files\NLauncher
    2007-01-30 18:06 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\NLauncher
    2007-01-29 10:41 <DIR> d-------- C:\Program Files\Common Files\Skype
    2007-01-29 10:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype
    2007-01-28 12:11 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\Uniblue
    2007-01-28 09:09 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\vlc
    2007-01-27 22:00 87,608 --a------ C:\DOCUME~1\CARDLA~1\Application Data\ezpinst.exe
    2007-01-27 22:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\1ClickDVDCopyPro
    2007-01-27 18:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Nero
    2007-01-27 09:53 88,576 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\rbap550.dll
    2007-01-27 09:53 73,728 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\RBRegEx550.dll
    2007-01-27 09:53 38,912 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\RBShell550.dll
    2007-01-27 09:53 29,184 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\RBInternetEncodings550.dll
    2007-01-27 09:53 1,166,772 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\RBXML550.dll
    2007-01-27 09:53 1,001,472 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\RBScript550.dll
    2007-01-27 01:31 <DIR> d-------- C:\Program Files\Pro Imaging Powertoys
    2007-01-27 01:31 <DIR> d-------- C:\Program Files\Common Files\Nikon
    2007-01-25 00:52 <DIR> d-------- C:\WINDOWS\Performance
    2007-01-25 00:51 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
    2007-01-25 00:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
    2007-01-22 10:51 356,352 --a------ C:\WINDOWS\PhotoJam 4.scr
    2007-01-22 10:49 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\Shockwave.com
    2007-01-21 08:07 <DIR> d-------- C:\Program Files\WhatsRunning
    2007-01-21 00:05 <DIR> d-------- C:\Program Files\Crystal Player
    2007-01-19 20:41 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\Serif
    2007-01-12 00:29 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\dvdcss
    2007-01-12 00:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
    2007-01-12 00:06 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
    2007-01-12 00:05 <DIR> d-------- C:\Program Files\Xilisoft
    2007-01-11 21:32 <DIR> d-------- C:\Program Files\Super DVD Ripper
    2007-01-11 21:30 4 --a------ C:\WINDOWS\system32\micro.dll
    2007-01-10 22:31 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\OfficeUpdate12
    2007-01-08 23:45 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
    2007-01-08 23:45 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
    2007-01-08 23:45 7,552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
    2007-01-08 23:45 276,992 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
    2007-01-08 23:45 18,560 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
    2007-01-08 23:45 13,952 --a------ C:\WINDOWS\system32\drivers\pxrd.sys
    2007-01-08 23:45 100,864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
    2007-01-08 23:45 <DIR> d-------- C:\Program Files\Prevx1
    2007-01-08 23:45 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\Prevx
    2007-01-08 23:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Prevx
    2007-01-07 11:08 <DIR> d--h----- C:\DOCUME~1\CARDLA~1\Application Data\yahoo!
    2007-01-06 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\yahoo!
    2007-01-06 09:59 <DIR> d-------- C:\DOCUME~1\CARDLA~1\SecurityScans
    2007-01-06 09:56 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
    2007-01-01 21:19 <DIR> d-------- C:\SOPHTEMP
    2007-01-01 14:45 <DIR> d-------- C:\DOCUME~1\CARDLA~1\.housecall6.6
    2006-12-31 21:40 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\Media Player Classic
    2006-12-31 20:35 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2006-12-31 20:35 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2006-12-31 20:35 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-12-31 20:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2006-12-31 20:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Real


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-30 18:28 -------- d-------- C:\Program Files\mozilla firefox
    2007-01-29 23:50 -------- d-------- C:\Program Files\trillian
    2007-01-29 19:56 -------- d-------- C:\Program Files\balloon blast
    2007-01-29 12:34 -------- d-------- C:\Program Files\spywareblaster
    2007-01-29 10:41 -------- d-------- C:\Program Files\skype
    2007-01-28 11:01 -------- d-------- C:\Program Files\registry mechanic
    2007-01-28 10:35 15026 --a--c--- C:\WINDOWS\system32\kgygaavl.sys
    2007-01-28 09:05 -------- d-------- C:\Program Files\videolan
    2007-01-27 22:00 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-01-27 18:35 -------- d-------- C:\Program Files\Common Files\ahead
    2007-01-27 10:44 -------- d-------- C:\Program Files\disney magic artist featuring ulead dvd pictureshow
    2007-01-22 00:06 -------- d-------- C:\Program Files\windows defender
    2007-01-20 09:49 18432 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
    2007-01-19 20:40 -------- d--h----- C:\Program Files\installshield installation information
    2007-01-19 20:40 -------- d-------- C:\Program Files\serif
    2007-01-18 12:13 839936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2007-01-18 12:13 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2007-01-14 13:09 -------- d-------- C:\Program Files\aol
    2007-01-11 18:15 -------- d-------- C:\Program Files\winx dvd player 3.0
    2007-01-06 23:54 -------- d-------- C:\Program Files\yahoo!
    2007-01-01 13:40 -------- d-------- C:\Program Files\winamp
    2006-12-31 20:32 -------- d-------- C:\Program Files\Common Files\real
    2006-12-31 20:30 -------- d-------- C:\Program Files\quicktime
    2006-12-30 17:51 -------- d-------- C:\Program Files\clonedvd
    2006-12-30 02:03 -------- d-------- C:\Program Files\lavasoft
    2006-12-27 07:45 -------- d-------- C:\Program Files\xero graphics
    2006-12-22 21:08 -------- d-------- C:\Program Files\pc magazine utilities
    2006-12-21 14:54 -------- d-------- C:\Program Files\america online 9.0
    2006-12-18 01:03 -------- d-------- C:\Program Files\mahjong holidays ii
    2006-12-18 01:01 -------- d-------- C:\Program Files\ricochet xtreme
    2006-12-16 10:14 -------- d-------- C:\Program Files\diskeeper corporation
    2006-12-12 20:44 -------- d-------- C:\Program Files\Common Files\adobe
    2006-12-12 19:59 -------- d-------- C:\Program Files\ipswitch
    2006-12-12 13:21 174656 --a------ C:\WINDOWS\system32\psiservice.exe
    2006-12-12 13:21 1456704 --a------ C:\WINDOWS\system32\psikey.dll
    2006-12-09 21:03 -------- d-------- C:\Program Files\popcap games
    2006-12-09 13:54 -------- d-------- C:\Program Files\apple software update
    2006-12-08 23:38 -------- d-------- C:\Program Files\Common Files\aol
    2006-12-08 13:36 11648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
    2006-12-07 21:27 339968 --a------ C:\WINDOWS\system32\wdbtnmgr.exe
    2006-12-07 21:25 -------- d-------- C:\Program Files\western digital technologies
    2006-12-07 19:20 -------- d-------- C:\Program Files\my book
    2006-12-07 19:20 -------- d-------- C:\Program Files\Common Files\arcsoft
    2006-12-04 20:32 -------- d-------- C:\Program Files\windows media connect 2
    2006-12-04 12:11 -------- d-------- C:\Program Files\filter forge
    2006-12-04 01:29 -------- d-------- C:\Program Files\tarzan
    2006-12-04 01:29 -------- d-------- C:\Program Files\pooh
    2006-12-02 17:38 -------- d-------- C:\Program Files\togo game
    2006-12-02 09:21 -------- d-------- C:\Program Files\security task manager
    2006-11-27 03:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
    2006-11-16 19:47 524288 --a------ C:\WINDOWS\opuc.dll
    2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
    2006-11-13 01:02 36352 --------- C:\WINDOWS\system32\tsgqec.dll
    2006-11-13 01:02 288768 --------- C:\WINDOWS\system32\rhttpaa.dll
    2006-11-13 01:02 1866240 --------- C:\WINDOWS\system32\mstscax.dll
    2006-11-13 01:02 116736 --------- C:\WINDOWS\system32\aaclient.dll
    2006-11-10 18:41 1030144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll
    2006-11-08 00:06 679424 --------- C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 03:06 600576 --------- C:\WINDOWS\system32\mstsc.exe
    2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\rmactivate_isv.exe
    2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\rmactivate.exe
    2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\secproc_isv.dll
    2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\secproc.dll
    2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\rmactivate_ssp.exe
    2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\rmactivate_ssp_isv.exe
    2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll
    2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp_isv.dll
    2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-11-02 17:46 248 -r-hsc--- C:\WINDOWS\system32\9cd5e385fc.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "NeroHomeFirstStart"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NMFirstStart.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe\" /STARTUP"
    "WD Button Manager"="WDBtnMgr.exe"
    "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    "location"="Common Startup"
    "item"="America Online 9.0 Tray Icon"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
    "item"="HP Digital Imaging Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    "backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
    "item"="HP Image Zone Fast Start"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AOL"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AOLDial"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dvd43_tray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\dvd43\\dvd43_tray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Support"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleDesktop"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPWuSchd2"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="InCD"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCW Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MCW"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Monitor Calibration Wizard\\MCW.exe\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RealPlay"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="regmech"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Registry Mechanic\\regmech.exe /QS"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -u"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -u"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\RegCure.job
    C:\WINDOWS\tasks\XoftSpy.job

    Completion time: 07-01-30 22:47:16






    Here is the HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 11:18:54 PM, on 1/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\HBSrvApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Cardlady47\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ct.enews.pcmag.com/rd/cts?d=184-3279-1-53-465011-410773-0-0-0-1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add Feed to Data Doctors Digital Dispatch - res://C:\Program Files\Data Doctors Digital Dispatch\Reader.exe/AddContent.js
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.4.69/cab/aolpPlugins.10.4.0.4.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/AOL-VideoEggPublisher.exe
    O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
    O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeedMonitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: HBService - Ziff Davis Media, Inc - C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\HBSrvApp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: wwSecSvc - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    Thank you for your help.
    One note: after my first post and before these logs I got the Blue Screen, and one of the things it mentioned was to check with the vendor and see if there has been a BIOS update.
    Should I call Dell?
    Thank you
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, cardlady47 :)

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab


    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    Whatever it is, it isn't due to malware. I would suggest you post in the XP forum with the exact error message on the BSOD. It could be due to faulty hardware.

    Best wishes!
     
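The HijackThis log in post 3 and the short fix list in post 4 show how a malware specialist triages such a log by hand: empty `Local Page` values and an unnamed O16 DPF entry are cleaned up, orphaned `(no file)` / `(file missing)` entries and services with `Unknown owner` get a second look, and the verdict is still "no malware". The script below is an added example, not part of this thread and not a HijackThis or Tech Support Guy tool; it encodes those same review rules as a small triage pass over HJT-style lines. The sample lines are copied from the log above; the rule that flags an `O4` Run value with no full path (`WDBtnMgr.exe`, which Windows resolves through a PATH search at logon) is an extra check of my own and is a reviewer prompt, not a verdict. Output is a list of findings for a human to read, in the same spirit as the moderator's reply.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a handful of lines copied from the HijackThis log posted in
# the thread, so the triage can be run offline without touching a real system.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
"""

# Every HJT entry is "<code> - <rest>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<rest>.*)$")
# O16 rest: "DPF: {CLSID} (Optional Class Name) - <url or local path>"
DPF_RE = re.compile(r"^DPF:\s*\{[0-9A-Fa-f-]+\}\s*(?P<name>\([^)]*\))?\s*-\s*(?P<src>\S+)")
# O4 registry rest: "HKLM\..\Run: [Label] <command>"  (Startup-folder O4 lines do not match)
RUN_RE = re.compile(r"^(?:HKLM|HKCU|HKUS\S*)\\\.\.\\Run\w*:\s*\[[^\]]*\]\s*(?P<cmd>.+)$")


@dataclass
class Finding:
    code: str                                   # HJT section, e.g. "O16"
    line: str                                   # the full log line
    reasons: List[str] = field(default_factory=list)


def triage_hjt(log_text: str) -> List[Finding]:
    """Return the entries a reviewer would look at twice, with the reason for each."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                            # header, process list, blank line
        code, rest = m.group("code"), m.group("rest")
        reasons: List[str] = []

        # R0/R1: an IE setting with nothing after "=" (the moderator fixed both Local Page lines)
        if code.startswith("R") and rest.rstrip().endswith("="):
            reasons.append("empty IE setting: harmless, but a cleanup candidate")

        # Any section: the object is registered but its file is gone
        if "(no file)" in rest or "(file missing)" in rest:
            reasons.append("orphaned entry: referenced file is absent")

        # O16: an ActiveX download with a CLSID but no class name, fetched over HTTP
        if code == "O16":
            d = DPF_RE.match(rest)
            if d and not d.group("name") and d.group("src").lower().startswith("http"):
                reasons.append("unnamed ActiveX download (DPF): review the source URL")

        # O4 (added rule): a Run value with no full path is resolved by PATH search at logon
        if code == "O4":
            r = RUN_RE.match(rest)
            if r:
                cmd = r.group("cmd").strip().strip('"')
                if "\\" not in cmd and ":" not in cmd:
                    reasons.append("Run value without a full path: resolved by PATH search at logon")

        # O23: HJT could not read publisher information from the service binary
        if code == "O23" and "Unknown owner" in rest:
            reasons.append("service with no publisher information: verify the binary")

        if reasons:
            findings.append(Finding(code, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.code}] {f.line}")
        for why in f.reasons:
            print(f"      - {why}")
```

The script is deliberately a prompt list rather than a detector: every entry it prints is something a reviewer checks against the vendor paths and publisher names already in the log, which is exactly what leads to the "no sign of malware" verdict in this thread.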
Short URL to this thread: https://techguy.org/539737