Help.....pleeeeease

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

cardlady47 (Thread Starter; joined Oct 31, 2004; 121 messages)
I posted a thread on January 22 with an HJT log, and nobody has looked at it or answered me yet. Can someone please take a look?
 

JSntgRvr (José, Retired Moderator and Malware Specialist; joined Jul 1, 2003; 18,552 messages)
Hi, cardlady47 :)

The log you previously posted shows no sign of malware.

Let's take a deeper look:

Download ComboFix from Here or Here to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

cardlady47 (Thread Starter; joined Oct 31, 2004; 121 messages)
Here is the ComboFix log:
"Administrator" - 07-01-30 22:35:08 Service Pack 2
ComboFix 07.01.30 - Running from: "C:\download"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\INSTALL.LOG


((((((((((((((((((((((((((((((( Files Created from 2006-12-30 to 2007-01-30 ))))))))))))))))))))))))))))))))))


2007-01-30 18:06 <DIR> d-------- C:\Program Files\NLauncher
2007-01-30 18:06 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\NLauncher
2007-01-29 10:41 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-01-29 10:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype
2007-01-28 12:11 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\Uniblue
2007-01-28 09:09 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\vlc
2007-01-27 22:00 87,608 --a------ C:\DOCUME~1\CARDLA~1\Application Data\ezpinst.exe
2007-01-27 22:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\1ClickDVDCopyPro
2007-01-27 18:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Nero
2007-01-27 09:53 88,576 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\rbap550.dll
2007-01-27 09:53 73,728 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\RBRegEx550.dll
2007-01-27 09:53 38,912 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\RBShell550.dll
2007-01-27 09:53 29,184 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\RBInternetEncodings550.dll
2007-01-27 09:53 1,166,772 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\RBXML550.dll
2007-01-27 09:53 1,001,472 --ah----- C:\DOCUME~1\CARDLA~1\Application Data\RBScript550.dll
2007-01-27 01:31 <DIR> d-------- C:\Program Files\Pro Imaging Powertoys
2007-01-27 01:31 <DIR> d-------- C:\Program Files\Common Files\Nikon
2007-01-25 00:52 <DIR> d-------- C:\WINDOWS\Performance
2007-01-25 00:51 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-01-25 00:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
2007-01-22 10:51 356,352 --a------ C:\WINDOWS\PhotoJam 4.scr
2007-01-22 10:49 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\Shockwave.com
2007-01-21 08:07 <DIR> d-------- C:\Program Files\WhatsRunning
2007-01-21 00:05 <DIR> d-------- C:\Program Files\Crystal Player
2007-01-19 20:41 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\Serif
2007-01-12 00:29 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\dvdcss
2007-01-12 00:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-01-12 00:06 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-01-12 00:05 <DIR> d-------- C:\Program Files\Xilisoft
2007-01-11 21:32 <DIR> d-------- C:\Program Files\Super DVD Ripper
2007-01-11 21:30 4 --a------ C:\WINDOWS\system32\micro.dll
2007-01-10 22:31 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\OfficeUpdate12
2007-01-08 23:45 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2007-01-08 23:45 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
2007-01-08 23:45 7,552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2007-01-08 23:45 276,992 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2007-01-08 23:45 18,560 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2007-01-08 23:45 13,952 --a------ C:\WINDOWS\system32\drivers\pxrd.sys
2007-01-08 23:45 100,864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2007-01-08 23:45 <DIR> d-------- C:\Program Files\Prevx1
2007-01-08 23:45 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\Prevx
2007-01-08 23:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Prevx
2007-01-07 11:08 <DIR> d--h----- C:\DOCUME~1\CARDLA~1\Application Data\yahoo!
2007-01-06 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\yahoo!
2007-01-06 09:59 <DIR> d-------- C:\DOCUME~1\CARDLA~1\SecurityScans
2007-01-06 09:56 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-01-01 21:19 <DIR> d-------- C:\SOPHTEMP
2007-01-01 14:45 <DIR> d-------- C:\DOCUME~1\CARDLA~1\.housecall6.6
2006-12-31 21:40 <DIR> d-------- C:\DOCUME~1\CARDLA~1\Application Data\Media Player Classic
2006-12-31 20:35 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-12-31 20:35 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-12-31 20:35 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-12-31 20:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-12-31 20:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Real


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-30 18:28 -------- d-------- C:\Program Files\mozilla firefox
2007-01-29 23:50 -------- d-------- C:\Program Files\trillian
2007-01-29 19:56 -------- d-------- C:\Program Files\balloon blast
2007-01-29 12:34 -------- d-------- C:\Program Files\spywareblaster
2007-01-29 10:41 -------- d-------- C:\Program Files\skype
2007-01-28 11:01 -------- d-------- C:\Program Files\registry mechanic
2007-01-28 10:35 15026 --a--c--- C:\WINDOWS\system32\kgygaavl.sys
2007-01-28 09:05 -------- d-------- C:\Program Files\videolan
2007-01-27 22:00 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-27 18:35 -------- d-------- C:\Program Files\Common Files\ahead
2007-01-27 10:44 -------- d-------- C:\Program Files\disney magic artist featuring ulead dvd pictureshow
2007-01-22 00:06 -------- d-------- C:\Program Files\windows defender
2007-01-20 09:49 18432 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-19 20:40 -------- d--h----- C:\Program Files\installshield installation information
2007-01-19 20:40 -------- d-------- C:\Program Files\serif
2007-01-18 12:13 839936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-18 12:13 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-14 13:09 -------- d-------- C:\Program Files\aol
2007-01-11 18:15 -------- d-------- C:\Program Files\winx dvd player 3.0
2007-01-06 23:54 -------- d-------- C:\Program Files\yahoo!
2007-01-01 13:40 -------- d-------- C:\Program Files\winamp
2006-12-31 20:32 -------- d-------- C:\Program Files\Common Files\real
2006-12-31 20:30 -------- d-------- C:\Program Files\quicktime
2006-12-30 17:51 -------- d-------- C:\Program Files\clonedvd
2006-12-30 02:03 -------- d-------- C:\Program Files\lavasoft
2006-12-27 07:45 -------- d-------- C:\Program Files\xero graphics
2006-12-22 21:08 -------- d-------- C:\Program Files\pc magazine utilities
2006-12-21 14:54 -------- d-------- C:\Program Files\america online 9.0
2006-12-18 01:03 -------- d-------- C:\Program Files\mahjong holidays ii
2006-12-18 01:01 -------- d-------- C:\Program Files\ricochet xtreme
2006-12-16 10:14 -------- d-------- C:\Program Files\diskeeper corporation
2006-12-12 20:44 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-12 19:59 -------- d-------- C:\Program Files\ipswitch
2006-12-12 13:21 174656 --a------ C:\WINDOWS\system32\psiservice.exe
2006-12-12 13:21 1456704 --a------ C:\WINDOWS\system32\psikey.dll
2006-12-09 21:03 -------- d-------- C:\Program Files\popcap games
2006-12-09 13:54 -------- d-------- C:\Program Files\apple software update
2006-12-08 23:38 -------- d-------- C:\Program Files\Common Files\aol
2006-12-08 13:36 11648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-12-07 21:27 339968 --a------ C:\WINDOWS\system32\wdbtnmgr.exe
2006-12-07 21:25 -------- d-------- C:\Program Files\western digital technologies
2006-12-07 19:20 -------- d-------- C:\Program Files\my book
2006-12-07 19:20 -------- d-------- C:\Program Files\Common Files\arcsoft
2006-12-04 20:32 -------- d-------- C:\Program Files\windows media connect 2
2006-12-04 12:11 -------- d-------- C:\Program Files\filter forge
2006-12-04 01:29 -------- d-------- C:\Program Files\tarzan
2006-12-04 01:29 -------- d-------- C:\Program Files\pooh
2006-12-02 17:38 -------- d-------- C:\Program Files\togo game
2006-12-02 09:21 -------- d-------- C:\Program Files\security task manager
2006-11-27 03:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-16 19:47 524288 --a------ C:\WINDOWS\opuc.dll
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\aoldial.dll
2006-11-13 01:02 36352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-11-13 01:02 288768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-11-13 01:02 1866240 --------- C:\WINDOWS\system32\mstscax.dll
2006-11-13 01:02 116736 --------- C:\WINDOWS\system32\aaclient.dll
2006-11-10 18:41 1030144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll
2006-11-08 00:06 679424 --------- C:\WINDOWS\system32\inetcomm.dll
2006-11-07 03:06 600576 --------- C:\WINDOWS\system32\mstsc.exe
2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\rmactivate_isv.exe
2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\rmactivate.exe
2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\secproc_isv.dll
2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\secproc.dll
2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\rmactivate_ssp.exe
2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\rmactivate_ssp_isv.exe
2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp_isv.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 17:46 248 -r-hsc--- C:\WINDOWS\system32\9cd5e385fc.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NMFirstStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe\" /STARTUP"
"WD Button Manager"="WDBtnMgr.exe"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"location"="Common Startup"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dvd43_tray"
"hkey"="HKLM"
"command"="C:\\Program Files\\dvd43\\dvd43_tray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Support"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCW Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MCW"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Monitor Calibration Wizard\\MCW.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="regmech"
"hkey"="HKLM"
"command"="C:\\Program Files\\Registry Mechanic\\regmech.exe /QS"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 07-01-30 22:47:16






Here is the HJTlog:
Logfile of HijackThis v1.99.1
Scan saved at 11:18:54 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\HBSrvApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Cardlady47\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ct.enews.pcmag.com/rd/cts?d=184-3279-1-53-465011-410773-0-0-0-1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add Feed to Data Doctors Digital Dispatch - res://C:\Program Files\Data Doctors Digital Dispatch\Reader.exe/AddContent.js
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.4.69/cab/aolpPlugins.10.4.0.4.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/AOL-VideoEggPublisher.exe
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeedMonitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HBService - Ziff Davis Media, Inc - C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\HBSrvApp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: wwSecSvc - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Thank you for your help.
One note: after my first post and before these logs I got the Blue Screen, and one of the things it mentioned was to check with the vendor and see if there has been a BIOS update.
Should I call Dell?
Thank you.
 

JSntgRvr (José, Retired Moderator and Malware Specialist; joined Jul 1, 2003; 18,552 messages)
Hi, cardlady47 :)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab


Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close HijackThis.

Whatever it is, it isn't due to malware. I would suggest you post in the XP forum with the exact error message on the BSOD. It could be due to faulty hardware.

Best wishes!
 