1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Pls Help - Virus /Slow Computer - HJ Log Included

Discussion in 'Virus & Other Malware Removal' started by MikeC103, Jan 25, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. MikeC103

    MikeC103 Thread Starter

    Joined:
    Jun 10, 2005
    Messages:
    30
    Hi -

    A friend just brought me her computer. Aside from running really slow the computer is doing weird things. First off, some web sites will not open - mostly those that have some sort of animation or security. Also, I can not get any anti-virus program to run. When I go to shut down, it says somebody else is logged on to the computer when there is not. Thanks for any advice you can give me. I really appreciate it!

    Logfile of HijackThis v1.99.1
    Scan saved at 9:41:14 AM, on 1/25/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\bootini.exe
    C:\WINDOWS\Explorer.exe
    C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
    C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe
    C:\WINDOWS\System32\mysvcc.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\WINDOWS\system\dllhost.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\svch0st.exe
    C:\WINDOWS\services.exe
    C:\WINDOWS\Msnweb.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Toolbar Suite\SL\02.00.0001.1203\en-us\msn_sl.exe
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2XMZ6VWF\hijackthis[1]\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1&bm=ho_search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\7jqugkx0.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\7jqugkx0.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: MSN Toolbar BHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [Microsoft Windows] bootini.exe
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
    O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
    O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
    O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Microsoft Windows] bootini.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
    O4 - Global Startup: MSN Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.00.0001.1203\en-us\bin\msnlAdmin.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O4 - Global Startup: Verizon Online Account Setup.lnk = C:\Program Files\Verizon Online\VOLSW\Accstp4.0.exe
    O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_home
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B06E4E71-7145-4503-961D-EFA89C8BC454}: NameServer = 68.237.161.12 71.243.0.12
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    O23 - Service: AIM - Unknown owner - C:\WINDOWS\aim.exe
    O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\yimsgr.exe
    O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    O23 - Service: Microsoft Host Services (svch0st) - Unknown owner - C:\WINDOWS\svch0st.exe
    O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe
    O23 - Service: Windows web messenger - Unknown owner - C:\WINDOWS\Msnweb.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    · Restart your computer
    · After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    · Instead of Windows loading as normal, the Advanced Options Menu should appear;
    · Select the first option, to run Windows in Safe Mode, then press Enter.
    · Choose your usual account.
    · Open the extracted SDFix folder and double click RunThis.bat to start the script.
    · Type Y to begin the cleanup process.
    · It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    · Press any Key and it will restart the PC.
    · When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    · Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    · Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
    =====================

    You have no active AntiVirus!

    Get the free AVG AntiVirus 7.5 install it, check for updates and run a full scan

    AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/
    =========================

    1. Download this file :

    http://download.bleepingcomputer.com/sUBs/combofix.exe
    http://www.techsupportforum.com/sectools/combofix.exe

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

    Note:
    Do not mouseclick combofix's window while its running. That may cause it to stall
    =========================

    Download Superantispyware

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,313
    Sorry for the interruption but I see she's not running any MS service packs. Can you tell us why that is please?
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,313
  6. MikeC103

    MikeC103 Thread Starter

    Joined:
    Jun 10, 2005
    Messages:
    30
    Hi –

    I finally did all the above. The machine also shuts down on its own and I get status code 1073741819. Thanks again for your help. Here are the logs as requested:
    SDFix: Version 1.62

    Fri 01/26/2007 - 15:30:23.77
    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix
    Safe Mode:
    Checking Services:
    Name:
    DLLHOST32
    lsass
    Windows Update Service
    Windows web messenger
    Path:
    "C:\WINDOWS\system\dllhost.exe"
    "C:\WINDOWS\lsass.exe"
    "C:\WINDOWS\services.exe"
    "C:\WINDOWS\Msnweb.exe"
    DLLHOST32 Deleted
    lsass Deleted
    Windows Update Service Deleted
    Windows web messenger Deleted
    Restoring Windows Registry Entries
    Restoring Default Hosts File
    Killing PID 680 'bootini.exe'
    Rebooting...
    Normal Mode:
    Checking Files:
    Files will be copied to Backups folder and removed:
    C:\WINDOWS\system32\40274_netapi.exe - Deleted
    C:\WINDOWS\system32\directx.sys - Deleted
    C:\WINDOWS\system32\eraseme_07850.exe - Deleted
    C:\WINDOWS\system32\eraseme_48127.exe - Deleted
    C:\WINDOWS\lsass.exe - Deleted
    C:\WINDOWS\msnwebmgr.exe - Deleted
    C:\WINDOWS\services.exe - Deleted
    C:\WINDOWS\system\dllhost.exe - Deleted
    C:\WINDOWS\system32\bootini.exe - Deleted
    C:\WINDOWS\system32\firewall.exe - Deleted
    C:\WINDOWS\system32\i - Deleted
    C:\WINDOWS\system32\mysvcc.exe - Deleted
    C:\WINDOWS\system32\recsl.exe - Deleted

    Could Not Remove C:\WINDOWS\system32\rdriv.sys!
    Could Not Remove C:\WINDOWS\SVCH0ST.exe!
    Alternate Streams Check:
    C:\WINDOWS\system32
    No streams found.
    Final Check:
    Remaining Services:
    ------------------
    rdriv
    Remaining Files:
    ---------------
    C:\WINDOWS\system32\rdriv.sys Found
    C:\WINDOWS\SVCH0ST.exe Found
    Backups Folder: - C:\SDFix\backups\backups.zip
    Checking For Files with Hidden Attributes :
    C:\NTDETECT.COM
    C:\Program Files\Shockwave.com\PhotoJam 4\data\PhotoJam 4.exe
    C:\Program Files\Shockwave.com\PhotoJam 4\data\product\PhotoJam 4.exe
    C:\Program Files\MSN\txsrvc.dll
    C:\Program Files\MSN\unicows.dll
    C:\WINDOWS\aim.exe
    C:\WINDOWS\yimsgr.exe
    C:\WINDOWS\Msnweb.exe
    C:\WINDOWS\system32\cdplayer.exe.manifest
    C:\WINDOWS\system32\logonui.exe.manifest
    C:\Program Files\MSN\[email protected]#@.exe
    C:\Program Files\Dell\Backup\DellBckp.exe
    C:\Program Files\Shockwave.com\PhotoJam 4\data\PhotoJam 4.exe
    C:\Program Files\Shockwave.com\PhotoJam 4\data\product\PhotoJam 4.exe
    C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\PhotoShow Deluxe.exe
    C:\pagefile.sys
    C:\IO.SYS
    C:\MSDOS.SYS
    C:\Documents and Settings\Administrator\Local Settings\Temp\msn9.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\msn8.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\msn1B.tmp

    Finished
    ComboFix 07-01-25 - Running from: "C:\Documents and
    Settings\Administrator\Desktop"
    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions
    )))))))))))))))))))))))))))))))))))))))))))))))))
    C:\setup.exe
    ((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to
    2007-01-29 ))))))))))))))))))))))))))))))))))
    2007-01-29 10:10 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
    2007-01-29 09:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-01-29 09:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application
    Data\SUPERAntiSpyware.com
    2007-01-29 09:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application
    Data\SUPERAntiSpyware.com
    2007-01-28 16:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application
    Data\Lavasoft
    2007-01-28 11:10 84,992 --a------ C:\WINDOWS\system32\setup_33150.exe
    2007-01-28 08:26 84,992 --a------ C:\WINDOWS\system32\setup_16673.exe
    2007-01-26 16:34 <DIR> dr-h----- C:\$VAULT$.AVG
    2007-01-26 15:50 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2007-01-26 15:50 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2007-01-26 15:50 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2007-01-26 15:50 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
    2007-01-26 15:50 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2007-01-26 15:50 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
    2007-01-26 15:50 <DIR> d-------- C:\Program Files\Grisoft
    2007-01-26 15:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
    2007-01-26 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application
    Data\Grisoft
    2007-01-26 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
    2007-01-26 15:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\AVG7
    2007-01-26 15:19 <DIR> d-------- C:\SDFix
    2007-01-22 11:38 <DIR> d-------- C:\WINDOWS\CSC
    2007-01-22 11:26 <DIR> d-------- C:\Program Files\Alwil Software
    2007-01-19 16:58 489 --a------ C:\1.vbs
    2007-01-14 16:40 7,168 --a------ C:\WINDOWS\system32\NTLanManager4.sys
    2007-01-14 14:27 98,108 --a------ C:\WINDOWS\system32\drivers\ipvnmon.sys
    2007-01-08 18:58 <DIR> d-------- C:\Program Files\Virtools
    2007-01-05 09:59 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report
    )))))))))))))))))))))))))))))))))))))))))))))))))))))
    2006-12-26 08:32 -------- d-------- C:\Program Files\simple star
    2006-11-20 13:13 31832 --a------ C:\DOCUME~1\ADMINI~1\Application
    Data\gdipfontcachev1.dat
    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points
    ))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries & legit default entries are not shown
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "PPWebCap"="C:\\PROGRA~1\\ScanSoft\\PAPERP~1\\PPWebCap.exe"
    "BMUpdate"="C:\\WINDOWS\\System32\\BMUpdate.exe"
    "Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
    "PhotoShow Deluxe Media
    Manager"="C:\\PROGRA~1\\SIMPLE~1\\PHOTOS~1\\data\\Xtras\\mssysmgr.exe"
    "SFP"="C:\\Program Files\\Common Files\\Verizon Online\\SFP\\vzSFPWin.EXE
    /s"
    "SUPERAntiSpyware"="C:\\Program
    Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "OneTouch Monitor"="C:\\PROGRA~1\\VISION~1\\ONETOU~2.EXE"
    "Motive SmartBridge"="C:\\PROGRA~1\\verizon\\SMARTB~1\\MotiveSB.exe"
    "NPS Event Checker"="C:\\PROGRA~1\\Navnt\\npscheck.exe"
    "PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
    "LXSUPMON"="C:\\WINDOWS\\System32\\LXSUPMON.EXE RUN"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
    "Microsoft Works Update Detection"="C:\\Program Files\\Common
    Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "POINTER"="point32.exe"
    "MPFExe"="C:\\PROGRA~1\\MCAFEE.COM\\PERSON~1\\MPFTRAY.EXE"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software
    Update\\HPWuSchd2.exe"
    "SemanticInsight"="C:\\Program Files\\RXToolBar\\Semantic
    Insight\\SemanticInsight.exe"
    "SunJavaUpdateSched"="\"C:\\Program
    Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
    "IPInSightLAN 01"="\"C:\\Program Files\\Verizon
    Online\\VisualIPInsight\\IPClient.exe\" -l"
    "IPInSightMonitor 01"="\"C:\\Program Files\\Verizon
    Online\\VisualIPInsight\\IPMon32.exe\""
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
    HKEY_LOCAL_MACHINE\software\microsoft\windows
    nt\currentversion\winlogon\notify\!SASWinLogon
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ
    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Symantec NetDetect.job
    Completion time: 07-01-29 17:37:58



    SUPERAntiSpyware Scan Log
    Generated 01/29/2007 at 11:02 AM
    Application Version : 3.5.1016
    Core Rules Database Version : 3165
    Trace Rules Database Version: 1176
    Scan type : Complete Scan
    Total Scan Time : 01:03:04
    Memory items scanned : 369
    Memory threats detected : 1
    Registry items scanned : 5840
    Registry threats detected : 24
    File items scanned : 34482
    File threats detected : 126
    Bogus MS SVCHOST.EXE
    C:\WINDOWS\SVCH0ST.EXE
    C:\WINDOWS\SVCH0ST.EXE
    HKLM\System\ControlSet002\Services\svch0st
    HKLM\System\ControlSet003\Services\svch0st
    HKLM\System\ControlSet004\Services\svch0st
    HKLM\System\CurrentControlSet\Services\svch0st
    C:\WINDOWS\Prefetch\SVCH0ST.EXE-32A17FD8.pf
    Trojan.MSNWeb
    HKLM\System\ControlSet002\Services\Windows web messenger
    C:\WINDOWS\MSNWEB.EXE
    Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\administrato[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt

    Adware.RX Toolbar
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32#ThreadingModel
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\ProgID
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\VersionIndependentProgID

    Unclassified.Unknown Origin
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID

    Adware.WhenU
    C:\Program Files\Save\ReadMe.txt
    C:\Program Files\Save

    Adware.180solutions/ZangoSearch
    HKCR\SAIX.InstallerCaller.1
    HKCR\SAIX.InstallerCaller.1\CLSID
    HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}
    HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid
    HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid32
    HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib
    HKCR\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib#Version
    HKCR\AppId\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}
    Trojan.Downloader-FreeProd
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B91EFFC-0E9D-4D6B-B432-1B5510AF1329}\RP1432\A0150142.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B91EFFC-0E9D-4D6B-B432-1B5510AF1329}\RP1436\A0153621.EXE
    Adware.Need2Find
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B91EFFC-0E9D-4D6B-B432-1B5510AF1329}\RP1436\A0150331.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{5B91EFFC-0E9D-4D6B-B432-1B5510AF1329}\RP1436\A0150332.DLL
     
  7. MikeC103

    MikeC103 Thread Starter

    Joined:
    Jun 10, 2005
    Messages:
    30
    and here is the final hijack this log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:30:46 AM, on 1/29/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
    C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Navnt\navapw32.exe
    C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1&bm=ho_search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    Internet Explorer provided by Verizon Online
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}
    - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O3 - Toolbar: Verizon Broadband Toolbar -
    {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge]
    C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
    O4 - HKLM\..\Run: [PrinTray]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
    Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
    Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic
    Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon
    Online\VisualIPInsight\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon
    Online\VisualIPInsight\IPMon32.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
    /background
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
    Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]
    C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon
    Online\SFP\vzSFPWin.EXE /s
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program
    Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program
    Files\Navnt\navapw32.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program
    Files\Verizon Online\SupportCenter\bin\matcli.exe
    O4 - Global Startup: Verizon Online Account Setup.lnk = C:\Program
    Files\Verizon Online\VOLSW\Accstp4.0.exe
    O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common
    Files\Verizon Online\ConnMgr\Verizon Online.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN
    Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Search -
    http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} -
    C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} -
    C:\Program Files\Verizon Online\Verizon Online Control
    Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad -
    {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon
    Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF:
    START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dsl&cd=4.0&bm=ho_home
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration
    Class) -
    https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
    http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
    http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} -
    http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{B06E4E71-7145-4503-961D-EFA89C8BC454}:
    NameServer = 68.237.161.12 71.243.0.12
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program
    Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AIM - Unknown owner - C:\WINDOWS\aim.exe (file missing)
    O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown
    owner - C:\WINDOWS\yimsgr.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
    32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -
    c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee,
    Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee
    Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  9. MikeC103

    MikeC103 Thread Starter

    Joined:
    Jun 10, 2005
    Messages:
    30
    Unfortunately the copy of XP can not be verified.

    She isn't the type to own a pirated version however I think she recieved the machine from work after they upgraded.

    Any ideas on how to get it running as is?

    Thanks!
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/538306

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice