Help! Popups, Dialog Boxes, and notification area hijacks. Logs included. Help!

Discussion in 'Virus & Other Malware Removal' started by michaelpmock, Oct 22, 2007.

  1. michaelpmock

    michaelpmock Thread Starter

    Joined:
    Oct 21, 2007
    Messages:
    5
    Hello, I have read a few other posts that seem to have the same problem as I do. I have constant popups from mainly savetheinformation.com but others as well. I have a triangle warning alert in my notification area and 3 or 4 different kinds of dialog boxes that pop up and they all are trying to get me to download some anti-virus, malware, or spyware program. I have read cheeseball81's replies and I have done the following so far:



    Download the Trial version of Superantispyware Pro (SAS):
    http://www.superantispyware.com/supe....html?rid=3132

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new Hijack This log.

    I have scanned and the HijackThis log below was done before the scan. Then I have the SUPERAntiSpyware Scan log next. I then have a new HijackThis log that was done after the scan posted last. Please let me know what to do and I will definitely do them verbatim. Thank you for the help. If it works, I think it is worth much more than the stupid $30 spent on SpyHunter. Any suggestions of software that I could purchase that actually works, or should I just use you all and donate?


    Thanks.

    HJT Log -- PRE SCAN

    Logfile of HijackThis v1.99.1
    Scan saved at 10:42:38 PM, on 10/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINDOWS\TEMP\FZFA27.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\SYSTEM32\HYOQYYCA.DLL
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/def...jolauncher.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...le/Coupons.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
    O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames...l.cab55579.cab
    O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab56649.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://jacksonsoftware.webex.com/cl...rt/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TBC-Ministry.local
    O17 - HKLM\Software\..\Telephony: DomainName = TBC-Ministry.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TBC-Ministry.local
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
    O23 - Service: EMP_NSWLSV - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



    SUPERAntiSpyware Log -- POST SCAN

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/22/2007 at 08:48 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3328
    Trace Rules Database Version: 1329

    Scan type : Complete Scan
    Total Scan Time : 01:49:32

    Memory items scanned : 510
    Memory threats detected : 1
    Registry items scanned : 5970
    Registry threats detected : 16
    File items scanned : 33576
    File threats detected : 161

    Trojan.WinFixer
    C:\WINDOWS\SYSTEM32\VTSQN.DLL
    C:\WINDOWS\SYSTEM32\VTSQN.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6624D3D3-227E-483F-B5D6-727F4A767084}
    HKCR\CLSID\{6624D3D3-227E-483F-B5D6-727F4A767084}
    HKCR\CLSID\{6624D3D3-227E-483F-B5D6-727F4A767084}\InprocServer32
    HKCR\CLSID\{6624D3D3-227E-483F-B5D6-727F4A767084}\InprocServer32#ThreadingModel

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\HYOQYYCA.DLL
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583}

    Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}

    Adware.Tracking Cookie

    Malware.LocusSoftware Inc/BestSellerAntivirus
    C:\DOCUMENTS AND SETTINGS\JMOCK\LOCAL SETTINGS\TEMP\QRJATYDI.EXE
    C:\RECYCLER\S-1-5-21-3438860041-2224120164-547050394-1221\DC4510.EXE

    Adware.Search2Find
    C:\RECYCLER\S-1-5-21-3438860041-2224120164-547050394-1221\DC4458.LNK
    C:\RECYCLER\S-1-5-21-3438860041-2224120164-547050394-1221\DC4459.LNK
    C:\RECYCLER\S-1-5-21-3438860041-2224120164-547050394-1221\DC4460.LNK
    C:\RECYCLER\S-1-5-21-3438860041-2224120164-547050394-1221\DC4465.LNK
    C:\RECYCLER\S-1-5-21-3438860041-2224120164-547050394-1221\DC4466.LNK
    C:\RECYCLER\S-1-5-21-3438860041-2224120164-547050394-1221\DC4467.LNK

    Malware.Ultimate Defender
    C:\RECYCLER\S-1-5-21-3438860041-2224120164-547050394-1221\DC4461.EXE
    C:\RECYCLER\S-1-5-21-3438860041-2224120164-547050394-1221\DC4468.EXE

    Trojan.Unknown Origin
    C:\RECYCLER\S-1-5-21-3438860041-2224120164-547050394-1221\DC4579.EXE
    C:\WINDOWS\SYSTEM32\CP1\DODE83122.EXE

    Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\RECYCLER\S-1-5-21-3438860041-2224120164-547050394-1221\DC696.EXE
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWAS6_0001_N85M1306NETINSTALLER.EXE

    Trojan.Downloader-Gen/Installer
    C:\WINDOWS\B122.EXE



    HJT Log -- POST SCAN/QUARANTINE to follow on accompanying post to this thread.
     
  3. michaelpmock

    HJT Log -- POST SCAN/QUARANTINE

    Logfile of HijackThis v1.99.1
    Scan saved at 9:53:03 AM, on 10/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINDOWS\TEMP\AH6B73.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Taylor Publishing\EliteVision\Bin\UV.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Nestle/Coupons.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
    O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://jacksonsoftware.webex.com/client/T25L/support/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TBC-Ministry.local
    O17 - HKLM\Software\..\Telephony: DomainName = TBC-Ministry.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TBC-Ministry.local
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
    O23 - Service: EMP_NSWLSV - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download ComboFix to your Desktop.

    • Double click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running, as that may cause it to stall.
     
  5. michaelpmock

    michaelpmock Thread Starter

    Joined:
    Oct 21, 2007
    Messages:
    5
    I ran ComboFix, and it went through its process. It rebooted, but when I tried to log on, the "Log on to:" box just had (this computer) and not the choice between the computer name and our domain that we are a part of at work. So I clicked on the drop-down arrow to look for our domain (the usual account we log on to) and then another dialog box came up that says "Please wait while the domain list is created." It stalls there and the only thing that I can do to make it respond is press ctrl+alt+delete. I can then select the domain, but when I log in it says that it is loading my preferences, then goes straight into closing the connections and goes back to the log in screen to repeat the process. I then shut down the computer and when I tried to restart it said that the Windows/System32/config/system file is missing or corrupted. So I loaded Windows back onto the computer so I can use it (because I can't go without it for work). I loaded it on the same drive with regular NTFS partition. I installed it on Windows2 file instead of windows. It ran and booted and I looked in the windows folder and found the system file. It was only 80k and the new windows2 system file was about 8MB. I saw in the windows folder that there was a system.bak file. I copied both files, then deleted the 80k file and renamed the .bak file. It would at least let Windows load, but I still come back to the original problem stated at the beginning of this post (the logging on issue). I'm not sure what to do, but if you can help, I would be sooooo appreciative.

    Please advise.

    Thank You
     
  6. michaelpmock

    michaelpmock Thread Starter

    Joined:
    Oct 21, 2007
    Messages:
    5
    I recently had to install Windows again on my machine due to some malware that the other forum is working with me to get through. I can boot into the original Windows right now, but when I try to access any Microsoft Office programs, they all give me this message. I just don't know how to get around it. Do I really have to reinstall Microsoft for this? Thank you for the help.
     
  7. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,537
    First Name:
    José
    Hi, michaelpmock :)

    This is due to the same reason you were unable to boot. The registry hive is incomplete, thus there are no entries for these programs. You should give Cheeseball81 the opportunity to resolve the issue.

    Question:

    Is there a folder labeled C:\Windows\ERUNT\sUBs on your computer?

    Is the installation back in C:\Windows and not in C:\Windows2 folder?

    I will request this topic to be merged with the previous one.
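
A structural check for a registry hive file such as the `system` and `system.bak` files discussed in this thread, usable before one is renamed into place. This is an added example, not part of any post here: it validates only the `regf` base block (signature, sequence numbers, header checksum) and the declared hive size against the file length, and the sample hive bytes are constructed for the demonstration.

```python
import struct

BASE_BLOCK_SIZE = 4096  # regf base block (header) size in bytes


def regf_checksum(header):
    """XOR of the first 127 little-endian dwords (bytes 0..507)."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", header[:508]):
        value ^= dword
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value or 1  # a computed 0 is stored as 1


def check_hive(data):
    """Return a list of structural problems; empty means header and size agree."""
    if len(data) < BASE_BLOCK_SIZE:
        return ["file shorter than the 4096-byte base block"]
    if data[:4] != b"regf":
        return ["missing 'regf' signature"]
    problems = []
    seq1, seq2 = struct.unpack_from("<II", data, 4)    # primary/secondary sequence
    (bins_size,) = struct.unpack_from("<I", data, 40)  # declared hive bins data size
    (stored_sum,) = struct.unpack_from("<I", data, 508)
    if seq1 != seq2:
        problems.append("sequence numbers differ (last write did not complete)")
    if stored_sum != regf_checksum(data):
        problems.append("header checksum mismatch")
    present = len(data) - BASE_BLOCK_SIZE
    if present < bins_size:
        problems.append("truncated: %d of %d declared bytes present" % (present, bins_size))
    elif data[BASE_BLOCK_SIZE:BASE_BLOCK_SIZE + 4] != b"hbin":
        problems.append("first hive bin lacks 'hbin' signature")
    return problems


def build_sample_hive(declared, present):
    """Constructed sample: minimal valid header followed by `present` bytes of bins."""
    header = bytearray(BASE_BLOCK_SIZE)
    header[0:4] = b"regf"
    struct.pack_into("<II", header, 4, 7, 7)
    struct.pack_into("<I", header, 40, declared)
    struct.pack_into("<I", header, 508, regf_checksum(header))
    body = bytearray(present)
    body[0:4] = b"hbin"
    return bytes(header) + bytes(body)
```

To check a real file, pass its contents, for example `check_hive(open(path, "rb").read())`; an empty list says nothing about whether the keys inside are complete.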
     
Short URL to this thread: https://techguy.org/641749