
Outerinfo popups and Internet Speed Monitor

Discussion in 'Virus & Other Malware Removal' started by x_Tang, Oct 29, 2007.

Thread Status:
Not open for further replies.
  1. x_Tang

    x_Tang Thread Starter

    Joined:
    Sep 25, 2005
    Messages:
    38
    I posted yesterday but didn't get any response.
    I was having many many issues with pop-ups from both outerinfo and internet speed monitor on my fiance's computer (this all was happening yesterday).

    I haven't had any pop-ups come up today but I keep getting this pop-up alert:

    "Server Busy

    This action cannot be completed because the other program is busy. Choose 'Switch To' to activate the busy program and correct the problem."

    It has a "Switch to...", "Retry" and "Cancel" button, of which you can only click on Switch to and Retry. I click on Switch to and it always takes me to the start menu. It won't stop popping up, so I assume it has something to do with one of these pop-up problems.

    Also, it won't let me load up firefox now (so annoying). There's an explore bar (on IE) for Internet Speed Monitor and there's also an explore bar for MoneySide. Both of which my fiance said he didn't install. So yeah.

    I ran HJT and here's my log.
    I'll be hopping onto my own computer now, to keep my eye on this thread and to be able to do things with his computer and look at this thread at the same time.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:24:24 PM, on 10/29/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\mcafee.com\Agent\mcagent.exe
    C:\Program Files\mcafee.com\Agent\mcupdate.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\tsitra72.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe
    C:\Program Files\ISM\ISMModule8.exe
    C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe
    C:\Program Files\WinAble\winable.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\IA\command.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Words\Words.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
    O2 - BHO: (no name) - {9C946E02-A2C3-AC65-BB2B-FE8A368624C5} - C:\WINDOWS\System32\dnpp.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Tray Temperature] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
    O4 - HKCU\..\Run: [ISMModule8] "C:\Program Files\ISM\ISMModule8.exe"
    O4 - HKCU\..\Run: [Svcmn] "C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe"
    O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9513 bytes
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You have no Service Packs installed... :( Why is that?

    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
  3. x_Tang

    x_Tang Thread Starter

    Joined:
    Sep 25, 2005
    Messages:
    38
    It's not my computer. I don't know why he doesn't have a service pack.

    I actually got rid of the internet speed monitor...so that's one thing that's gone.
    I'll jump on his computer and download/run that program.
     
  4. x_Tang

    x_Tang Thread Starter

    Joined:
    Sep 25, 2005
    Messages:
    38
    Uhm...well, I got on his computer.
    Downloaded Combofix and started running it.
    I didn't touch it while it was doing its thing...
    I thought it finished and said it was opening a new window. So it did that and it said something (I can't remember what) and made all the icons on his desktop go away and his bar down at the bottom...and yeah, I basically had to hard restart the computer because nothing was happening and I couldn't get to the start menu. D:

    I loaded the computer back up just now...and every thing's back on the desktop like it should be.

    There's an extra thing though...a folder labeled "catchme" and the icon is a folder with a zipper on it. Is that from combofix?

    Also, a DOS window has popped up and then disappeared a few times since restarting the computer.
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Yes that is from combofix.

    Can you post a new hijackthis log?
     
  6. x_Tang

    x_Tang Thread Starter

    Joined:
    Sep 25, 2005
    Messages:
    38
    After having run combofix...I haven't had any issues with pop ups on this computer.

    Anyway....here's the HJT log..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:53, on 2007-10-31
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\mcafee.com\Agent\mcagent.exe
    C:\Program Files\mcafee.com\Agent\mcupdate.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\internet explorer\iexplore.exe
    c:\Program Files\Microsoft Money\System\urlmap.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Tray Temperature] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
    O4 - HKCU\..\Run: [Svcmn] "C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe"
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Barret\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8110 bytes
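An added example, not part of the original thread: a small Python triage script that parses the two HijackThis logs posted so far, reports which entries the cleanup removed, which are new, and which flagged entries survive. The sample lines are excerpts copied from the logs above; the function names (`flags`, `parse`, `compare`) and the four heuristics are assumptions chosen for illustration and give review hints, not verdicts.

```python
import ntpath
import re

# Excerpts copied from the two HijackThis logs in this thread
# (first log: 10/29/2007, second log: 2007-10-31), trimmed to a few lines.
BEFORE = r"""
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: (no name) - {9C946E02-A2C3-AC65-BB2B-FE8A368624C5} - C:\WINDOWS\System32\dnpp.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Svcmn] "C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe"
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

AFTER = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Svcmn] "C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe"
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Barret\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "<section code> - <detail>", e.g. "O4 - HKCU\..\Run: [name] path"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# First drive-letter path in the detail that ends in a loadable file type.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*\r\n]*?\.(?:exe|dll|ocx|vbs)\b", re.I)


def flags(code, detail):
    """Return heuristic review flags for one log entry (assumed rules)."""
    out = []
    m = PATH_RE.search(detail)
    path = m.group(0) if m else ""
    folder, name = ntpath.split(path.lower())
    # The Windows service host lives directly in system32; copies elsewhere
    # are a common disguise.
    if name == "svchost.exe" and folder != r"c:\windows\system32":
        out.append("svchost.exe outside system32")
    # '?' is not a legal filename character on Windows, so the real name
    # holds characters the log could not render.
    if "?" in path:
        out.append("unrenderable characters in path")
    if code == "O23" and "- Unknown owner -" in detail:
        out.append("service with unknown owner")
    if code == "F3":
        out.append("win.ini load= autostart")
    return out


def parse(log):
    """Map (code, detail) -> flags for every entry line in a log."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1), m.group(2))] = flags(m.group(1), m.group(2))
    return entries


def compare(before, after):
    """Diff two logs: entries removed, entries added, flagged survivors."""
    b, a = parse(before), parse(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "still_flagged": sorted(k for k in a if k in b and a[k]),
    }


if __name__ == "__main__":
    for section, items in compare(BEFORE, AFTER).items():
        print(f"== {section} ==")
        for code, detail in items:
            hint = "; ".join(flags(code, detail)) or "no flag"
            print(f"{code} - {detail}\n      [{hint}]")
```

On these excerpts the two `Application Data` Run entries show up as added since the first log, and the `Notn` and `Svcmn` Run entries are reported as still present and still flagged.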
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You didn't post the combofix log.


    Go to add/remove programs and remove these if you did not install them:
    ViewpointService
    Viewpoint Manager



    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  8. x_Tang

    x_Tang Thread Starter

    Joined:
    Sep 25, 2005
    Messages:
    38
    Is the combofix log the catchme thing?
    And I'm pretty sure the viewpoint thing was installed for AIM.
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Yes, combofix uses catchme.


    I'm pretty sure it's an add-on and not required for AIM to work. It is an option that you missed in the installation.
     
  10. x_Tang

    x_Tang Thread Starter

    Joined:
    Sep 25, 2005
    Messages:
    38
    Well, it's my fiance's computer and I'm not sure if he has it downloaded for something else or not.
    He's at work right now, so I can't ask him.

    I've actually gotta head off of here for now.
    Probably won't be back on 'til tomorrow...so yeah.
    I'll run everything next time I'm online.
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  12. x_Tang

    x_Tang Thread Starter

    Joined:
    Sep 25, 2005
    Messages:
    38
    Sorry I didn't come back when I said I would.
    Ended up getting busy irl and didn't have time for the computer.


    Here's my Super AntiSpyware log....
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/04/2007 at 06:10 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3337
    Trace Rules Database Version: 1338

    Scan type : Complete Scan
    Total Scan Time : 02:12:28

    Memory items scanned : 386
    Memory threats detected : 0
    Registry items scanned : 5037
    Registry threats detected : 5
    File items scanned : 79911
    File threats detected : 88

    Adware.Tracking Cookie

    Adware.ClickSpring/Yazzle
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE.VIR

    Malware.RepairRegistryPro
    C:\Documents and Settings\Barret\Start Menu\Programs\Repair Registry Pro

    Adware.AdSponsor/ISM
    HKU\.DEFAULT\Software\BndDrive
    HKU\S-1-5-18\Software\BndDrive
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP290\A0044051.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP338\A0050972.EXE

    Trojan.Downloader-Gen/Inst2
    C:\251.TMP
    C:\28E.TMP

    Trojan.Unknown Origin
    C:\DOCUMENTS AND SETTINGS\BARRET\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IB2VE12V\INSTALLER[1].EXE
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQMA.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQML.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQMM.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\B104.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\IA\KE.VBS.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WAPIICC.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051030.VBS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051031.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051033.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051048.VBS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051053.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051054.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051056.EXE
    C:\WINDOWS\MROFINU72.EXE

    BearShare File Sharing Client
    C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

    Adware.Unknown Origin
    C:\PROGRAM FILES\COMMON FILES\OQQM\OQQMD\CLASS-BARREL
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQMD\VOCABULARY.VIR

    Adware.ClickSpring
    C:\qoobox\Quarantine\C\Documents and Settings\Barret\My Documents\WNSXS~1\TTRIBE~1.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CROSOF~1.NET\SVCHOST.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DNPP.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051039.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051050.EXE

    Unclassified.Unknown Origin/System
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQMD\OQQMC.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051058.DLL

    Trojan.Downloader-Gen
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\OQQM\OQQMP.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051057.EXE

    Trojan.NetMon/DNSChange
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051049.EXE

    Trojan.Downloader-Gen/Installer
    C:\QOOBOX\QUARANTINE\C\WINDOWS\B128.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051035.EXE

    Adware.Adservs
    C:\QOOBOX\QUARANTINE\C\WINDOWS\IA\ASAPPSRV.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051041.DLL

    Unclassified.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\IA\COMMAND.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051040.EXE

    TargetSaver, Inc. Process
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TSUNINST.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP339\A0051059.EXE

    Trace.Known Threat Sources
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\W1SHMRSX\8154ff2675af1b6e0677560871425153[1].zip
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\YD0JQHM5\mrofinu[1].zip
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\GHS58LG9\ctxad-570[1].sig
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\YD0JQHM5\ack[2].htm
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\IB2VE12V\tsupdate2[1].php
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\PO913L17\4db3e14be68297b54dc897edcc80680f[1].zip
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\IB2VE12V\718f466754402ac597de014577627f96[1].zip
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\YD0JQHM5\ack[1].htm
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\IB2VE12V\c1f5cc94a30f082054f3a00e6655462d[1].zip
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\IB2VE12V\f4d28682d186cc6beb75f106d133f489[1].zip
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\YD0JQHM5\affupdate2[1].php
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\W1SHMRSX\ack[1].htm
    C:\Documents and Settings\Barret\Local Settings\Temporary Internet Files\Content.IE5\OL4JK3CN\08e5626e1b84ac1aec80dc870a7411e3[1].zip





    And here's the HJT log...
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:36, on 2007-11-04
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\mcafee.com\Agent\mcagent.exe
    C:\Program Files\mcafee.com\Agent\mcupdate.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    c:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Tray Temperature] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
    O4 - HKCU\..\Run: [Svcmn] "C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe"
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Barret\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8481 bytes



    I opened the catchme folder and there was no txt file...so yeah.
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HijackThis and click "Open the Misc Tools section".
    Click "Open Uninstall Manager", then "Save list", and save the log to your Desktop.
    A list of programs will open in Notepad. Post the contents of the log here in your next reply.
     
  14. x_Tang

    x_Tang Thread Starter

    Joined:
    Sep 25, 2005
    Messages:
    38
    1602 A.D.
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.1
    Adobe Shockwave Player
    AIM 6.0
    AOL Instant Messenger
    Command & Conquer Red Alert 2
    Command & Conquer Tiberian Sun
    Command && Conquer Red Alert 2 - Yuri's Revenge
    Detto IntelliMover
    Diablo II
    Easy Internet Sign-up
    Google Earth
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Hero Editor V0.95
    HijackThis 2.0.2
    hp center
    HP Instant Support
    Inactive HP Printer Drivers (Remove only)
    KazooStudio
    KBD
    Learn to Play Magic
    Lernout & Hauspie TruVoice American English TTS Engine
    Magic Online
    MarketBrowser
    McAfee.com Agent
    McAfee.com VirusScan Online
    Microsoft Age of Empires Gold
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Money 2002
    Microsoft Money 2002 System Pack
    Microsoft Office XP Professional with FrontPage
    Microsoft Works 6.0
    Microsoft Works and Money 2002 Setup Launcher
    Mozilla Firefox (2.0.0.9)
    My Photo Center
    MySpaceIM
    NVIDIA Windows 2000/XP Display Drivers
    PC-Doctor for Windows
    PowerDVD
    Python 1.5 combined Win32 extensions
    Python 1.5.2 (final)
    Quicken 2002 New User Edition
    Quicken Financial Center
    QuickTime
    Roll
    SUPERAntiSpyware Free Edition
    Tcl 8.0.5 for Windows
    The Sims Deluxe Edition
    UltimateBet
    UltimateBuddy
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    WeatherBug
    WildTangent Web Driver
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows XP Hotfix (SP1) [See Q308387 for more information]
    Windows XP Hotfix (SP1) [See Q308676 for more information]
    Windows XP Hotfix (SP1) [See Q308677 for more information]
    WordPerfect Office 2002 Try Before You Buy
    WordPerfect Office 2002 Try Before You Buy
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar
    Zero-Knowledge Freedom
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O4 - HKCU\..\Run: [Tray Temperature] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [WhenUSave] "C:\PROGRA~1\Save\Save.exe"
    O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\CROSOF~1.NET\svchost.exe" -vt yazb
    O4 - HKCU\..\Run: [Svcmn] "C:\Documents and Settings\Barret\My Documents\W?nSxS\?ttrib.exe"
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Barret\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Barret\Application Data\Microsoft\Windows\qrrvmq.exe
    O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy

    Close all applications and browser windows before you click "fix checked".



    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Run Trend Micro's FREE online virus scanner

    Post the results from the scan with a new HijackThis log.
     

Short URL to this thread: https://techguy.org/645418
