Pls Help - Virus /Slow Computer - HJ Log Included

MikeC103

Thread Starter
Joined
Jun 10, 2005
Messages
30
Hi -

A friend just brought me her computer. Aside from running really slow the computer is doing weird things. First off, some web sites will not open - mostly those that have some sort of animation or security. Also, I can not get any anti-virus program to run. When I go to shut down, it says somebody else is logged on to the computer when there is not. Thanks for any advice you can give me. I really appreciate it!

Logfile of HijackThis v1.99.1
Scan saved at 9:41:14 AM, on 1/25/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\bootini.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe
C:\WINDOWS\System32\mysvcc.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\system\dllhost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\svch0st.exe
C:\WINDOWS\services.exe
C:\WINDOWS\Msnweb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Toolbar Suite\SL\02.00.0001.1203\en-us\msn_sl.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XMZ6VWF\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1&bm=ho_search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\7jqugkx0.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\7jqugkx0.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: MSN Toolbar BHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Windows] bootini.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Windows] bootini.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: MSN Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.00.0001.1203\en-us\bin\msnlAdmin.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Verizon Online Account Setup.lnk = C:\Program Files\Verizon Online\VOLSW\Accstp4.0.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_home
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06E4E71-7145-4503-961D-EFA89C8BC454}: NameServer = 68.237.161.12 71.243.0.12
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: AIM - Unknown owner - C:\WINDOWS\aim.exe
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\yimsgr.exe
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: Microsoft Host Services (svch0st) - Unknown owner - C:\WINDOWS\svch0st.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe
O23 - Service: Windows web messenger - Unknown owner - C:\WINDOWS\Msnweb.exe
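
Added example, not part of the original thread and not code from HijackThis: a Python triage pass over lines excerpted from the log above. It flags core Windows binary names running outside System32, digit-for-letter look-alikes, and O23 services with no owner sitting in the Windows root. The function names, the `CORE` list and the three heuristics are assumptions of this example; a hit means "review this entry", not a verdict.

```python
import ntpath  # Windows path rules, usable on any OS

SYSTEM32 = r"c:\windows\system32"
WINROOT = r"c:\windows"

# Core XP binaries that legitimately run only from System32 (assumed list).
CORE = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
        "svchost.exe", "spoolsv.exe", "dllhost.exe", "userinit.exe"}

# Digit-for-letter swaps used in look-alike names such as svch0st.exe.
HOMOGLYPHS = str.maketrans("01", "ol")

# Lines excerpted from the HijackThis log posted above.
SAMPLE = r"""
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system\dllhost.exe
C:\WINDOWS\svch0st.exe
C:\WINDOWS\services.exe
O23 - Service: AIM - Unknown owner - C:\WINDOWS\aim.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Microsoft Host Services (svch0st) - Unknown owner - C:\WINDOWS\svch0st.exe
"""


def check_path(path, owner=None):
    """Return the reasons a single image path deserves a closer look."""
    folder, name = ntpath.split(path.strip().lower())
    reasons = []
    if name in CORE and folder != SYSTEM32:
        reasons.append("system binary name outside System32")
    plain = name.translate(HOMOGLYPHS)
    if name not in CORE and plain in CORE:
        reasons.append("look-alike of " + plain)
    if owner == "Unknown owner" and folder == WINROOT:
        reasons.append("service with no owner in Windows root")
    return reasons


def triage(log_text):
    """Map each flagged path (lower-cased) to the set of reasons it was flagged."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        owner = None
        if line.startswith("O23 - Service:"):
            # Format: O23 - Service: <name> - <owner> - <image path>
            parts = line.rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _, owner, path = parts
        elif len(line) > 2 and line[1:3] == ":\\":
            path = line  # a "Running processes" entry is a bare path
        else:
            continue
        for reason in check_path(path, owner):
            findings.setdefault(path.lower(), set()).add(reason)
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE).items()):
        print(path, "->", "; ".join(sorted(reasons)))
```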
 
Joined
Sep 7, 2004
Messages
49,014
Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
· Restart your computer
· After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
· Instead of Windows loading as normal, the Advanced Options Menu should appear;
· Select the first option, to run Windows in Safe Mode, then press Enter.
· Choose your usual account.
· Open the extracted SDFix folder and double click RunThis.bat to start the script.
· Type Y to begin the cleanup process.
· It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
· Press any Key and it will restart the PC.
· When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
· Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
· Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
=====================

You have no active AntiVirus!

Get the free AVG AntiVirus 7.5, install it, check for updates and run a full scan.

AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/
=========================

1. Download this file :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
=========================

Download Superantispyware

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,945
Sorry for the interruption but I see she's not running any MS service packs. Can you tell us why that is please?
 

MikeC103

Thread Starter
Joined
Jun 10, 2005
Messages
30
Hi –

I finally did all the above. The machine also shuts down on its own and I get status code 1073741819. Thanks again for your help. Here are the logs as requested:
SDFix: Version 1.62

Fri 01/26/2007 - 15:30:23.77
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
DLLHOST32
lsass
Windows Update Service
Windows web messenger
Path:
"C:\WINDOWS\system\dllhost.exe"
"C:\WINDOWS\lsass.exe"
"C:\WINDOWS\services.exe"
"C:\WINDOWS\Msnweb.exe"
DLLHOST32 Deleted
lsass Deleted
Windows Update Service Deleted
Windows web messenger Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
Killing PID 680 'bootini.exe'
Rebooting...
Normal Mode:
Checking Files:
Files will be copied to Backups folder and removed:
C:\WINDOWS\system32\40274_netapi.exe - Deleted
C:\WINDOWS\system32\directx.sys - Deleted
C:\WINDOWS\system32\eraseme_07850.exe - Deleted
C:\WINDOWS\system32\eraseme_48127.exe - Deleted
C:\WINDOWS\lsass.exe - Deleted
C:\WINDOWS\msnwebmgr.exe - Deleted
C:\WINDOWS\services.exe - Deleted
C:\WINDOWS\system\dllhost.exe - Deleted
C:\WINDOWS\system32\bootini.exe - Deleted
C:\WINDOWS\system32\firewall.exe - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\mysvcc.exe - Deleted
C:\WINDOWS\system32\recsl.exe - Deleted

Could Not Remove C:\WINDOWS\system32\rdriv.sys!
Could Not Remove C:\WINDOWS\SVCH0ST.exe!
Alternate Streams Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
rdriv
Remaining Files:
---------------
C:\WINDOWS\system32\rdriv.sys Found
C:\WINDOWS\SVCH0ST.exe Found
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes :
C:\NTDETECT.COM
C:\Program Files\Shockwave.com\PhotoJam 4\data\PhotoJam 4.exe
C:\Program Files\Shockwave.com\PhotoJam 4\data\product\PhotoJam 4.exe
C:\Program Files\MSN\txsrvc.dll
C:\Program Files\MSN\unicows.dll
C:\WINDOWS\aim.exe
C:\WINDOWS\yimsgr.exe
C:\WINDOWS\Msnweb.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\Program Files\MSN\[email protected]#@.exe
C:\Program Files\Dell\Backup\DellBckp.exe
C:\Program Files\Shockwave.com\PhotoJam 4\data\PhotoJam 4.exe
C:\Program Files\Shockwave.com\PhotoJam 4\data\product\PhotoJam 4.exe
C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\PhotoShow Deluxe.exe
C:\pagefile.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\Documents and Settings\Administrator\Local Settings\Temp\msn9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\msn8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\msn1B.tmp

Finished
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Administrator\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\setup.exe
((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))
2007-01-29 10:10 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-01-29 09:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-29 09:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
2007-01-29 09:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\SUPERAntiSpyware.com
2007-01-28 16:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
2007-01-28 11:10 84,992 --a------ C:\WINDOWS\system32\setup_33150.exe
2007-01-28 08:26 84,992 --a------ C:\WINDOWS\system32\setup_16673.exe
2007-01-26 16:34 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-26 15:50 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-26 15:50 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-26 15:50 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-26 15:50 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-26 15:50 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-26 15:50 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-26 15:50 <DIR> d-------- C:\Program Files\Grisoft
2007-01-26 15:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-26 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-26 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-01-26 15:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\AVG7
2007-01-26 15:19 <DIR> d-------- C:\SDFix
2007-01-22 11:38 <DIR> d-------- C:\WINDOWS\CSC
2007-01-22 11:26 <DIR> d-------- C:\Program Files\Alwil Software
2007-01-19 16:58 489 --a------ C:\1.vbs
2007-01-14 16:40 7,168 --a------ C:\WINDOWS\system32\NTLanManager4.sys
2007-01-14 14:27 98,108 --a------ C:\WINDOWS\system32\drivers\ipvnmon.sys
2007-01-08 18:58 <DIR> d-------- C:\Program Files\Virtools
2007-01-05 09:59 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-26 08:32 -------- d-------- C:\Program Files\simple star
2006-11-20 13:13 31832 --a------ C:\DOCUME~1\ADMINI~1\Application Data\gdipfontcachev1.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PPWebCap"="C:\\PROGRA~1\\ScanSoft\\PAPERP~1\\PPWebCap.exe"
"BMUpdate"="C:\\WINDOWS\\System32\\BMUpdate.exe"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\SIMPLE~1\\PHOTOS~1\\data\\Xtras\\mssysmgr.exe"
"SFP"="C:\\Program Files\\Common Files\\Verizon Online\\SFP\\vzSFPWin.EXE /s"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"OneTouch Monitor"="C:\\PROGRA~1\\VISION~1\\ONETOU~2.EXE"
"Motive SmartBridge"="C:\\PROGRA~1\\verizon\\SMARTB~1\\MotiveSB.exe"
"NPS Event Checker"="C:\\PROGRA~1\\Navnt\\npscheck.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"LXSUPMON"="C:\\WINDOWS\\System32\\LXSUPMON.EXE RUN"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"POINTER"="point32.exe"
"MPFExe"="C:\\PROGRA~1\\MCAFEE.COM\\PERSON~1\\MPFTRAY.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"SemanticInsight"="C:\\Program Files\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"IPInSightLAN 01"="\"C:\\Program Files\\Verizon Online\\VisualIPInsight\\IPClient.exe\" -l"
"IPInSightMonitor 01"="\"C:\\Program Files\\Verizon Online\\VisualIPInsight\\IPMon32.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 07-01-29 17:37:58



SUPERAntiSpyware Scan Log
Generated 01/29/2007 at 11:02 AM
Application Version : 3.5.1016
Core Rules Database Version : 3165
Trace Rules Database Version: 1176
Scan type : Complete Scan
Total Scan Time : 01:03:04
Memory items scanned : 369
Memory threats detected : 1
Registry items scanned : 5840
Registry threats detected : 24
File items scanned : 34482
File threats detected : 126
Bogus MS SVCHOST.EXE
C:\WINDOWS\SVCH0ST.EXE
C:\WINDOWS\SVCH0ST.EXE
HKLM\System\ControlSet002\Services\svch0st
HKLM\System\ControlSet003\Services\svch0st
HKLM\System\ControlSet004\Services\svch0st
HKLM\System\CurrentControlSet\Services\svch0st
C:\WINDOWS\Prefetch\SVCH0ST.EXE-32A17FD8.pf
Trojan.MSNWeb
HKLM\System\ControlSet002\Services\Windows web messenger
C:\WINDOWS\MSNWEB.EXE
Adware.Tracking Cookie

Adware.RX Toolbar
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32#ThreadingModel
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\ProgID
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\VersionIndependentProgID

Unclassified.Unknown Origin
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32#ThreadingModel
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID

Adware.WhenU
C:\Program Files\Save\ReadMe.txt
C:\Program Files\Save

Adware.180solutions/ZangoSearch
HKCR\SAIX.InstallerCaller.1
HKCR\SAIX.InstallerCaller.1\CLSID
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid32
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib
HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib#Version
HKCR\AppId\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}

Trojan.Downloader-FreeProd
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B91EFFC-0E9D-4D6B-B432-1B5510AF1329}\RP1432\A0150142.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B91EFFC-0E9D-4D6B-B432-1B5510AF1329}\RP1436\A0153621.EXE

Adware.Need2Find
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B91EFFC-0E9D-4D6B-B432-1B5510AF1329}\RP1436\A0150331.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B91EFFC-0E9D-4D6B-B432-1B5510AF1329}\RP1436\A0150332.DLL
 

MikeC103

And here is the final HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:30:46 AM, on 1/29/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Navnt\navapw32.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Verizon Online Account Setup.lnk = C:\Program Files\Verizon Online\VOLSW\Accstp4.0.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_home
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06E4E71-7145-4503-961D-EFA89C8BC454}: NameServer = 68.237.161.12 71.243.0.12
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AIM - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\yimsgr.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
 

MikeC103

Unfortunately the copy of XP can not be verified.

She isn't the type to own a pirated version; however, I think she received the machine from work after they upgraded.

Any ideas on how to get it running as is?

Thanks!