please help hijack log

[Cindy0515]

Hi
My computer is running really slow especially on startup. I ran adaware and spybot got rid of those items and still running slow. Please help me get rid of start up items that are not necessary even if its programs I use that I can start up later or any other things that shouldnt be there.
Thank You
Cindy

Here is my hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 1:18:41 PM, on 6/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\WINNT\system32\hphmon03.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\IMG\IMGrabber.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLHostManager.exe
C:\Program Files\IM Grabber\IMGrabber.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\system32\IMG\IMGrabber.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLServiceHost.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLServiceHost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\system32\HPHipm09.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10MT1.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Avant Browser\avant.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\system32\hphmon03.exe
O4 - HKLM\..\Run: [AOL Desktop Search EXE Service] "C:\Program Files\Common Files\AOL\1100502432\EE\services\contentbrowser\ver1\DesktopSearch\AOLDesktopSearchService.exe" /boot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100542389\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [ptrun32] C:\WINNT\system32\ptrun32\ptrun32.exe -startup
O4 - HKLM\..\Run: [IM Grabber] C:\Program Files\IM Grabber\IMGrabber.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IMGrabber] C:\WINNT\system32\IMG\IMGrabber.exe UI
O4 - HKLM\..\Run: [IMViewer] C:\WINNT\system32\IMG\IMViewer.exe tray
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [PTRUN32] C:\WINNT\system32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O20 - Winlogon Notify: Guardian - C:\WINNT\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DeepSight Extractor CC Service (ccExtractorService) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ccExtractorService.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MGS - Unknown owner - C:\WINNT\system32\IMG\IMGrabber.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINNT\system32\HPHipm09.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

 

[Flrman1]

First please do this:

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"


Go to the forum here and upload the files found in the C:\WINNT\system32\ptrun32 folder.

Here are the directions for uploading the files:

Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the files on your computer. If there are multiple files to be uploaded click the "More attachments" button for each extra file and browse to the files. When all the files are listed in the windows click "Post" to upload the files.

 

[Cindy0515]

Hi
I did exactly what you said to do but there is nothing in that folder? ptrun32 is empty no files in there.
Please help...

Cindy

 

[Flrman1]

Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan

 

[Cindy0515]

Hi
I ran the Panda Scan and it found the following. It took over 8 hours to run the scan that is how bad my computer it. Some of them did not exist when I looked for them in WINNT I also posted a new hijack log below thank you Cindy



Incident Status Location

Spyware:Spyware/CommonName No disinfected C:\WINNT\system32\winnet.ini
Spyware:Spyware/New.net No disinfected C:\WINNT\NDNuninstall*.exe
Spyware:Spyware/BargainBuddy No disinfected Windows Registry
Adware:Adware/KeenValue No disinfected C:\Program Files\Common Files\Updater
Adware:Adware/BookedSpace No disinfected C:\WINNT\bsx32
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Spyware:Spyware/Virtumonde No disinfected C:\WINNT\bsx32.ini
Adware:Adware/Stopzilla No disinfected Windows Registry




Logfile of HijackThis v1.99.1
Scan saved at 1:39:59 PM, on 6/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\system32\IMG\IMGrabber.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\WINNT\system32\hphmon03.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\WINNT\system32\HPHipm09.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLHostManager.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLServiceHost.exe
C:\Program Files\IM Grabber\IMGrabber.exe
C:\WINNT\system32\IMG\IMGrabber.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLServiceHost.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINNT\explorer.exe
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\system32\hphmon03.exe
O4 - HKLM\..\Run: [AOL Desktop Search EXE Service] "C:\Program Files\Common Files\AOL\1100502432\EE\services\contentbrowser\ver1\DesktopSearch\AOLDesktopSearchService.exe" /boot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100542389\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [ptrun32] C:\WINNT\system32\ptrun32\ptrun32.exe -startup
O4 - HKLM\..\Run: [IM Grabber] C:\Program Files\IM Grabber\IMGrabber.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IMGrabber] C:\WINNT\system32\IMG\IMGrabber.exe UI
O4 - HKLM\..\Run: [IMViewer] C:\WINNT\system32\IMG\IMViewer.exe tray
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [PTRUN32] C:\WINNT\system32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} - https://secure.stamps.com/download/us/registration/2_0_0_755/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O20 - Winlogon Notify: Guardian - C:\WINNT\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DeepSight Extractor CC Service (ccExtractorService) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ccExtractorService.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MGS - Unknown owner - C:\WINNT\system32\IMG\IMGrabber.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINNT\system32\HPHipm09.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

 

[Flrman1]

I don't know why I didn't find thi before, but the ptrun32.exe file is this:

http://castlecops.com/s2868-ptrun32_exe.html

http://www.parent-tools.com/

 

[Flrman1]

* Go here to download CCleaner.

• Install CCleaner
• Launch CCleaner and look in the upper right corner and click on the "Options" button.
• Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
• Click OK
• Do not run CCleaner yet. You will run it later in safe mode.

* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O20 - Winlogon Notify: Guardian - C:\WINNT\


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINNT\system32\winnet.ini

C:\WINNT\NDNuninstall*.exe

C:\WINNT\bsx32.ini

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Delete these folders:

C:\Program Files\Common Files\Updater
C:\Program Files\Media Access


Start Ccleaner and click Run Cleaner


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

When the scan is finished, anything that it cannot clean have it delete it. Click "Print Report". The report will open in your browser. Go to File > Save As and save the file to your desktop. Under "Save as type" click the dropdown menu and choose "Text file (*.txt) and save it as a text file.

Post a new HiJackThis log along with the report from the Housecall scan

 

[Cindy0515]

Hi
Here is what the trend micro housecall showed

Spyware Check 8 spyware programs detected

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 8 spyware(s) on your computer. Only 0 out of 0 spywares are displayed.
Spyware Name Spyware Type
COOKIE_3182 Cookie
SPYW_BIGBRO.10 Spyware
SPYW_TIMESINK.A Spyware
ADW_VERTICITY.A Adware
SPYW_PCDETECT.24 Spyware
SPYW_WEBSEARCH.A Spyware
SPYW_FPTLBAR.100 Spyware
SPYW_SOFTOMATE.A Spyware




Microsoft Vulnerability Check 1 vulnerability detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 1 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
Critical This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes.

Here is another hijack log

Logfile of HijackThis v1.99.1
Scan saved at 1:07:30 AM, on 7/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\WINNT\system32\hphmon03.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\IM Grabber\IMGrabber.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLHostManager.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\IMG\IMGrabber.exe
C:\WINNT\system32\IMG\IMGrabber.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLServiceHost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\HPHipm09.exe
C:\Program Files\Avant Browser\avant.exe
C:\PROGRA~1\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\system32\hphmon03.exe
O4 - HKLM\..\Run: [AOL Desktop Search EXE Service] "C:\Program Files\Common Files\AOL\1100502432\EE\services\contentbrowser\ver1\DesktopSearch\AOLDesktopSearchService.exe" /boot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100542389\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [IM Grabber] C:\Program Files\IM Grabber\IMGrabber.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [IMGrabber] C:\WINNT\system32\IMG\IMGrabber.exe UI
O4 - HKLM\..\Run: [IMViewer] C:\WINNT\system32\IMG\IMViewer.exe tray
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [PTRUN32] C:\WINNT\system32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: DeepSight Extractor CC Service (ccExtractorService) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ccExtractorService.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MGS - Unknown owner - C:\WINNT\system32\IMG\IMGrabber.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINNT\system32\HPHipm09.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

 

[Flrman1]

Did housecall clean/fix what it found?

 

[Flrman1]

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

Restart your computer.




Go to Start > Run and type in msconfig.
Click OK or hit the Enter key.

Click on the "Startup" tab and remove the check by these:

HPHmon03
AOL Desktop Search EXE Service
IM Grabber
MViewer
PTRUN32
Microsoft Works Update Detection

Click "Apply" then "Close"

You will be prompted to restart. Go ahead and restart.

Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK". You will not be bothered by the message again.

Keep in mind that some entries will be re-enabled in the startups each time you use that particular program. Therefore, you will have to find the option in that programs preferences that says something like "Load with Windows" or "Run when Windows Starts" and disable that option.

Go here for info on msconfig:

http://www.pacs-portal.co.uk/startup_index.htm

You can look up the startups here to help determine what is needed and what is not:

http://computercops.biz/StartupList.html

here:

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

And here:

http://www.windowsstartup.com/wso/browse.php?l=8&start=50&end=75



Defrag your HD:

http://artsweb.bham.ac.uk/artsit/Info/Guides/GoodPractice/defrag-win2kxp.htm

Run chkdsk:

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take awhile, so run it when you don't need to use the computer for something else.

 

[Cindy0515]

Hi Flrman
You are so great!!! My computer is defiantely running better. The Panda scan still shows files but when I try to locate them in the registry they are not there. I am running another panda scan now. I did the kill box also and they say they do not exist. Here is another Hijack log is there anything else I can get rid of? I kept imgrabber I use it to track my children. I will post one more panda scan after it is done. Thank you for taking the time to help me it is so much appreciated. You have always helped me and I truly thank you.....Cindy



Logfile of HijackThis v1.99.1
Scan saved at 1:57:36 PM, on 7/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINNT\system32\IMG\IMGrabber.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLHostManager.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLServiceHost.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
C:\WINNT\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\COMMON~1\AOL\1100542389\EE\AOLServiceHost.exe
C:\WINNT\system32\IMG\IMGrabber.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Avant Browser\avant.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100542389\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [IMGrabber] C:\WINNT\system32\IMG\IMGrabber.exe UI
O4 - HKLM\..\Run: [IMViewer] C:\WINNT\system32\IMG\IMViewer.exe tray
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [PTRUN32] C:\WINNT\system32\ptrun32\ptr32w.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/downloads/games/common/boot_strap/iegils.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: DeepSight Extractor CC Service (ccExtractorService) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ccExtractorService.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MGS - Unknown owner - C:\WINNT\system32\IMG\IMGrabber.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINNT\system32\HPHipm09.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

 

[Flrman1]

The log looks good!

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

 

[Cindy0515]

Hi
Here is the results from the scan I am trying to get rid of it but I am not sure how to>> Cindy


Incident Status Location

Spyware:Spyware/CommonName No disinfected C:\WINNT\system32\winnet.ini
Spyware:Spyware/New.net No disinfected C:\WINNT\NDNuninstall*.exe
Spyware:Spyware/BargainBuddy No disinfected Windows Registry
Adware:Adware/KeenValue No disinfected C:\Program Files\Common Files\Updater
Adware:Adware/BookedSpace No disinfected C:\WINNT\bsx32
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Spyware:Spyware/Virtumonde No disinfected C:\WINNT\bsx32.ini
Adware:Adware/Stopzilla No disinfected Windows Registry

 

[Cindy0515]

I tried to get rid of these files but its not working. Please advise.... Thank You Cindy

 

[Flrman1]

That is the same list of files and folders that I had you delete two or three posts back. Where did you get that list? Is it the old one or did you do a new scan and get that from it?