1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: computer skipping every half second

Discussion in 'Virus & Other Malware Removal' started by spiralnotebook, Jul 4, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. spiralnotebook

    spiralnotebook Thread Starter

    Joined:
    Jun 17, 2006
    Messages:
    94
    All the time, when I play games, watch a gif., type on certain websites, or watch a clip online and offline, my computer stops every other second, for a whole second.

    For example, on a flash game, I would be dragging my arrow across the screen and it would stop a third of the way and then appear a second later again and then skip to where my arrow should be.

    Ex: I would watch a clip and hear the sound perfectly, but the video will play for two seconds, skip a full second, and then reappear.

    Ex: On a website, I would be typing and not see my words for a second, and it'll show up, but a second later.

    I tried some dvds, and they skip a full second, after every two second, too. But I think that's my drive's problem, right?

    Some new stuff I think I can blame:

    I bought Windows Live OneCare and recently there was a trojan called Win32 Virtumonde that wouldn't leave, so I ignored it.
    I did not download anything else.
    My computer has been buffering on the typing before Virtumonde, but the online clips hadn't.

    Can someone either tell me how to fix it, software I could buy to clean it (I don't really know how to use Windows Live OneCare expect for periodic trojan spotting), if it's MSN's fault, or whether I need to buy a new computer T_T
     
  2. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    Welcome to TSG....

    a trojan called Win32 Virtumonde should not be ignored and might be the casue of your problem. Let's try this:

    To download HJTsetup.exe from SpyKiller To Download HijackThis go to the following at the File Repository
    Click on the link below to Download HijackThis Self Installer:

    http://www.thespykiller.co.uk/files/HJTsetup.exe

    Save the file to your desktop.
    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\HijackThis.
    Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialog box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    A security expert with a gold shield to the right of their name should take a look at your log - please be patient.
     
  3. spiralnotebook

    spiralnotebook Thread Starter

    Joined:
    Jun 17, 2006
    Messages:
    94
    Did what I was told, thanks in advance:


    Logfile of HijackThis v1.99.1
    Scan saved at 10:28:50 PM, on 7/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\AOL\1139081411\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.therainforestsite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=11638
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139081411\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [j9251531] rundll32 C:\WINDOWS\system32\j9251531.dll sook
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\hedblcdy.dll",realset
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [SMSystemAnalyzer] C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Monopoly3Setup.exe] C:\DOWNLO~1\MONOPO~1.EXE /r
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm028LEUS
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
    O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C7C645-EBD7-417B-A750-E77C54E90B3A}: NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - iolo technologies, LLC - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  4. spiralnotebook

    spiralnotebook Thread Starter

    Joined:
    Jun 17, 2006
    Messages:
    94
    "Welcome to TSG...."

    hahaha, yeah, I just noticed that. I haven't signed on, so I've been a "Guest" for a while. Most of the problems I have I found a fix by just reading some threads. That's why it says I've been a member for a year but haven't posted...
     
  5. spiralnotebook

    spiralnotebook Thread Starter

    Joined:
    Jun 17, 2006
    Messages:
    94
    I don't really know what this log file is, so if someone could help me/ explain because I think I see a few programs I thought I uninstalled permanently.
     
  6. BobJam

    BobJam

    Joined:
    Jan 10, 2005
    Messages:
    380
    I'm sure ozrom1e will read and interpret your HJT file . . . just be patient.

    This isn't a solution, just a comment.

    Your skipping problem is definitely a symptom of some process running in the background - I suspect it may be that Trojan.

    Once you are able to remove that Trojan, I'll bet that your skipping problem will be solved.

    Also, you may have too many programs running at startup, and thus causing a resource logjam. Reading and interpreting those HJT logs may tell some of the story.

    Hang on . . .
     
  7. The Hound

    The Hound

    Joined:
    May 27, 2007
    Messages:
    3,235
    Hang in, spiral. I've asked the mods to move you to the security forum...The malware experts here have a shield next to their name--they're worth waiting for, so please be patient.
     
  8. spiralnotebook

    spiralnotebook Thread Starter

    Joined:
    Jun 17, 2006
    Messages:
    94
    Thank you ^ ^
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
     
  10. spiralnotebook

    spiralnotebook Thread Starter

    Joined:
    Jun 17, 2006
    Messages:
    94
    "Cyndi" - 2007-07-08 0:23:19 - ComboFix 07-07-07.3 - Service Pack 2

    ADS removed - svchost.exe: deleted 68 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\aabieuhs.dll
    C:\WINDOWS\system32\gfshiibj.dll
    C:\WINDOWS\system32\jdacvilj.dll
    C:\WINDOWS\system32\kseijltc.dll
    C:\WINDOWS\system32\lpafaqev.dll
    C:\WINDOWS\system32\mltbvbox.dll
    C:\WINDOWS\system32\oxtwxfyl.dll
    C:\WINDOWS\system32\plerqise.dll
    C:\WINDOWS\system32\tfwdspjg.dll
    C:\WINDOWS\system32\vdikyqqk.dll
    C:\WINDOWS\system32\ydujqiea.dll
    C:\WINDOWS\system32\okxjllvx.exe
    C:\WINDOWS\system32\giwrxigc.exe
    C:\WINDOWS\system32\ybadd.bak1
    C:\WINDOWS\system32\ybadd.bak2
    C:\WINDOWS\system32\ybadd.ini
    C:\WINDOWS\system32\ybadd.ini2
    C:\WINDOWS\system32\ybadd.tmp
    C:\WINDOWS\system32\shueibaa.ini
    C:\WINDOWS\system32\jbiihsfg.ini
    C:\WINDOWS\system32\jbiihsfg.tmp
    C:\WINDOWS\system32\veqafapl.ini
    C:\WINDOWS\system32\xobvbtlm.ini
    C:\WINDOWS\system32\gjpsdwft.ini
    C:\WINDOWS\system32\kqqykidv.ini
    C:\WINDOWS\system32\ybadd.bak1
    C:\WINDOWS\system32\ybadd.bak2
    C:\WINDOWS\system32\ybadd.ini
    C:\WINDOWS\system32\ybadd.ini2
    C:\WINDOWS\system32\ybadd.tmp
    C:\WINDOWS\system32\ddaby.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Barbara\APPLIC~1\Dxccwrd.dll
    C:\DOCUME~1\Barbara\APPLIC~1\Dxcknwrd.dll
    C:\DOCUME~1\Barbara\APPLIC~1\Dxcuknwrd.dll
    C:\DOCUME~1\Cyndi\APPLIC~1\Dxccwrd.dll
    C:\DOCUME~1\Cyndi\APPLIC~1\Dxcknwrd.dll
    C:\DOCUME~1\Cyndi\APPLIC~1\Dxcuknwrd.dll
    C:\DOCUME~1\Cyndi\MYDOCU~1.\scurit~1
    C:\DOCUME~1\HP_Owner\APPLIC~1\Dxcuknwrd.dll
    C:\Program Files\asks~1
    C:\Program Files\Common Files\{3C114~1
    C:\Program Files\Common Files\{3C114~2
    C:\Program Files\Common Files\{6C114~1
    C:\Program Files\Common Files\{6C114~2
    C:\Program Files\Common Files\fnts~1
    C:\Program Files\Common Files\icroso~1
    C:\Program Files\Common Files\scurit~1
    C:\Program Files\Common Files\Yazzle1396OinUninstaller.exe
    C:\Program Files\Common Files\Yazzle1670OinUninstaller.exe
    C:\Program Files\ipwindows
    C:\Program Files\MSN Gaming Zone\rteseji.html
    C:\Program Files\oin search
    C:\Program Files\oin search\OINSearch.dll
    C:\Program Files\oin search\Uninstall.exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\outerinfo.ico
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\racle~1
    C:\Program Files\web buying
    C:\Program Files\web buying\v1.6.8\wbuninst.exe
    C:\Program Files\web buying\v1.6.8\webbuying.dll
    C:\Program Files\web buying\v1.6.8\webbuying.exe
    C:\temp\17o7
    C:\temp\17o7\tmpTF.log
    C:\temp\tn3
    C:\WINDOWS\Help\SBSI\ntp2.ini
    C:\WINDOWS\mbols~1
    C:\WINDOWS\sstem~1
    C:\WINDOWS\system32\bund1
    C:\WINDOWS\system32\bund1\temp.txt
    C:\WINDOWS\system32\bund1\Yzz.exe
    C:\WINDOWS\system32\dobe~1
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys
    C:\WINDOWS\system32\j9251531.dll
    C:\WINDOWS\system32\mcroso~1.net
    C:\WINDOWS\system32\smpi1
    C:\WINDOWS\system32\wapisvtr.exe
    C:\WINDOWS\system32\ymante~1
    C:\WINDOWS\uninst2.htm
    C:\WINDOWS\unist1.htm
    C:\WINDOWS\vttc.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CORE
    -------\LEGACY_NETWORK_MONITOR
    -------\core
    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


    2007-07-08 00:17 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-05 17:21 2,068 --a------ C:\WINDOWS\system32\bywnmrkl.exe
    2007-07-04 23:21 2,068 --a------ C:\WINDOWS\system32\aaxbegky.exe
    2007-06-28 15:14 <DIR> d-------- C:\DOCUME~1\Cyndi\APPLIC~1\Sonic
    2007-06-28 15:14 <DIR> d-------- C:\DOCUME~1\Cyndi\APPLIC~1\Leadertech
    2007-06-13 14:38 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-06-12 14:09 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2007-06-12 12:42 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-06-12 12:42 208,248 --a------ C:\WINDOWS\system32\muweb.dll
    2007-06-11 16:23 67,784 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 04:35:54 -------- d-----w C:\Program Files\MSN Gaming Zone
    2007-07-08 03:58:15 -------- d-----w C:\DOCUME~1\Cyndi\APPLIC~1\MSN6
    2007-07-05 02:08:36 -------- d-----w C:\Program Files\Microsoft Windows OneCare Live
    2007-07-03 02:08:45 -------- d-----w C:\Program Files\Microsoft Works
    2007-07-02 18:50:19 -------- d-----w C:\Program Files\Lexmark 1200 Series
    2007-06-07 23:11:37 -------- d-----w C:\Program Files\Viewpoint
    2007-06-05 18:25:00 14,868 ----a-w C:\WINDOWS\system32\iwdptdpt.exe
    2007-05-25 22:01:08 -------- d-----w C:\Program Files\QuickTime
    2007-05-18 20:57:15 -------- d-----w C:\Program Files\Common Files\rirm
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-11 22:39:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-11 22:36:28 -------- d-----w C:\Program Files\Veoh Networks
    2007-05-09 19:54:22 28,665 ----a-w C:\WINDOWS\b129.exe.bin
    2007-05-07 02:41:45 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
    2007-05-04 20:44:33 31,433 ----a-w C:\WINDOWS\hGFdeYYm64pUIdwQ.exe
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 03:27:41 167 ----a-w C:\WINDOWS\system32\8146.bat
    2007-04-13 03:27:26 32,768 ----a-w C:\WINDOWS\system32\setup9x.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2001-04-16 16:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A99A153-E4A0-4124-9DBE-AFADC0C902B6}]
    2007-05-05 16:37 175694 --ah----- c:\windows\help\sbsi\ipcr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78663EAF-1552-4BAF-BDB1-94ED8FBCA329}]
    C:\WINDOWS\system32\rfojmduw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-04-17 13:32 323904 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90AEB353-08E8-4804-8251-E269B5A8791c}]
    C:\WINDOWS\system32\rfojmduw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 21:53]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 17:03]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-04-21 21:28]
    "VTTimer"="VTTimer.exe" [2004-10-22 12:53 C:\WINDOWS\system32\VTTimer.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 C:\WINDOWS\AGRSMMSG.exe]
    "Mercora"="C:\Program Files\Mercora\MercoraClient.exe" []
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
    "SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe" [2005-09-24 04:39]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
    "HostManager"="C:\Program Files\Common Files\AOL\1139081411\ee\AOLSoftware.exe" [2006-05-09 20:24]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 22:36]
    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 10:40]
    "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 17:42]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
    "ioloDelayModule"="C:\Program Files\iolo\System Mechanic Professional 6\delay.exe" [2005-06-08 22:31]
    "Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 03:07]
    "My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []
    "OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-06-11 12:40]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-25 18:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 06:46]
    "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2005-09-24 04:36]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
    "Monopoly3Setup.exe"="C:\DOWNLO~1\MONOPO~1.exe" []
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
    "@"="" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\MSN Gaming Zone\rteseji.html
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ipcr]
    c:\windows\help\sbsi\ipcr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgddc]
    mljgddc.dll

    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
    ~~\SafeBoot\Minimal\RpcSs

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\OneCareMP]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc


    Contents of the 'Scheduled Tasks' folder
    2006-08-19 23:36:00 C:\WINDOWS\tasks\Easy Internet Sign-up.job
    2007-06-11 17:25:49 C:\WINDOWS\tasks\MP Scheduled Quick Scan.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-08 00:50:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-07-08 1:02:47 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-08 01:01

    --- E O F ---
     
  11. spiralnotebook

    spiralnotebook Thread Starter

    Joined:
    Jun 17, 2006
    Messages:
    94
    Logfile of HijackThis v1.99.1
    Scan saved at 1:06:20 AM, on 7/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
    C:\WINDOWS\system32\cmd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\AOL\1139081411\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\cmd.exe
    C:\ComboFix\vfind.cfexe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.therainforestsite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=11638
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PsapiAnalyzer Object - {0A99A153-E4A0-4124-9DBE-AFADC0C902B6} - c:\windows\help\sbsi\ipcr.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {78663EAF-1552-4BAF-BDB1-94ED8FBCA329} - C:\WINDOWS\system32\rfojmduw.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {90AEB353-08E8-4804-8251-E269B5A8791c} - C:\WINDOWS\system32\rfojmduw.dll (file missing)
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: (no name) - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139081411\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [SMSystemAnalyzer] C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Monopoly3Setup.exe] C:\DOWNLO~1\MONOPO~1.EXE /r
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm028LEUS
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
    O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C7C645-EBD7-417B-A750-E77C54E90B3A}: NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: ipcr - c:\windows\help\sbsi\ipcr.dll
    O20 - Winlogon Notify: mljgddc - mljgddc.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - iolo technologies, LLC - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Go to add/remove programs and remove My Web Search.


    Run HJT again and put a check in the following:

    O2 - BHO: PsapiAnalyzer Object - {0A99A153-E4A0-4124-9DBE-AFADC0C902B6} - c:\windows\help\sbsi\ipcr.dll
    O2 - BHO: (no name) - {78663EAF-1552-4BAF-BDB1-94ED8FBCA329} - C:\WINDOWS\system32\rfojmduw.dll (file missing)
    O2 - BHO: (no name) - {90AEB353-08E8-4804-8251-E269B5A8791c} - C:\WINDOWS\system32\rfojmduw.dll (file missing)
    O3 - Toolbar: (no name) - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - (no file)
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm028LEUS
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
    O20 - Winlogon Notify: ipcr - c:\windows\help\sbsi\ipcr.dll
    O20 - Winlogon Notify: mljgddc - mljgddc.dll (file missing)

    Close all applications and browser windows before you click "fix checked".


    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\bywnmrkl.exe
      C:\WINDOWS\system32\aaxbegky.exe
      C:\WINDOWS\system32\iwdptdpt.exe
      C:\Program Files\Common Files\rirm
      C:\WINDOWS\b129.exe.bin
      C:\WINDOWS\hGFdeYYm64pUIdwQ.exe
      C:\WINDOWS\system32\8146.bat
      C:\WINDOWS\system32\setup9x.exe
      c:\windows\help\sbsi\ipcr.dll
      C:\WINDOWS\system32\rfojmduw.dll
      C:\WINDOWS\system32\mljgddc.dll


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    [​IMG] Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Ugrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  13. spiralnotebook

    spiralnotebook Thread Starter

    Joined:
    Jun 17, 2006
    Messages:
    94
    Logfile of HijackThis v1.99.1
    Scan saved at 5:57:59 PM, on 7/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\AOL\1139081411\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\MSNCC.EXE
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.therainforestsite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=11638
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139081411\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [SMSystemAnalyzer] C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Monopoly3Setup.exe] C:\DOWNLO~1\MONOPO~1.EXE /r
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C5C7C645-EBD7-417B-A750-E77C54E90B3A}: NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: ipcr - c:\windows\help\sbsi\ipcr.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - iolo technologies, LLC - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  14. spiralnotebook

    spiralnotebook Thread Starter

    Joined:
    Jun 17, 2006
    Messages:
    94
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/09/2007 at 02:22 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 02:09:07

    Memory items scanned : 692
    Memory threats detected : 0
    Registry items scanned : 6771
    Registry threats detected : 21
    File items scanned : 120230
    File threats detected : 60

    Adware.MyWebSearch
    HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
    HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
    HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
    C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
    HKU\S-1-5-21-2884810101-255598207-4268651657-1012\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}

    Trojan.PSAPI-A
    HKLM\Software\Classes\CLSID\{0A99A153-E4A0-4124-9DBE-AFADC0C902B6}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A99A153-E4A0-4124-9DBE-AFADC0C902B6}
    HKCR\CLSID\{0A99A153-E4A0-4124-9DBE-AFADC0C902B6}
    HKCR\CLSID\{0A99A153-E4A0-4124-9DBE-AFADC0C902B6}#AppID
    HKCR\CLSID\{0A99A153-E4A0-4124-9DBE-AFADC0C902B6}\TypeLib
    HKCR\CLSID\{0A99A153-E4A0-4124-9DBE-AFADC0C902B6}\VersionIndependentProgID

    Adware.Tracking Cookie
    C:\Documents and Settings\Cyndi\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cyndi\Cookies\[email protected][1].txt

    Adware.ClickSpring/Outer Info Network
    HKCR\OINSearchToolbar.OINSBarBand
    HKCR\OINSearchToolbar.OINSBarBand\CLSID
    HKCR\OINSearchToolbar.OINSBarBand\CurVer
    HKCR\OINSearchToolbar.OINSBarBand.1
    HKCR\OINSearchToolbar.OINSBarBand.1\CLSID
    HKCR\AppId\JamingoToolbar.DLL
    HKCR\AppId\JamingoToolbar.DLL#AppID
    HKCR\AppId\{3689DAB5-D3B0-49BD-A7BD-EE5D71419BE8}
    C:\Documents and Settings\Cyndi\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\Cyndi\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Cyndi\Start Menu\Programs\Outerinfo
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\OIN SEARCH\OINSEARCH.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP185\A0481898.DLL

    Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1396OINUNINSTALLER.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1670OINUNINSTALLER.EXE.VIR

    Adware.k8l
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MSN GAMING ZONE\RTESEJI.HTML.VIR

    Adware.WebBuying Assistant-Installer
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WEB BUYING\V1.6.8\WBUNINST.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WEB BUYING\V1.6.8\WEBBUYING.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP107\A0472663.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP107\A0472676.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP185\A0481901.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP185\A0481903.EXE

    Trojan.Downloader-WebBuying/PopEngine
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WEB BUYING\V1.6.8\WEBBUYING.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP106\A0470584.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP107\A0472714.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP107\A0472799.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP112\A0474190.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP114\A0474418.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP114\A0474475.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP116\A0474686.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP119\A0475122.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP119\A0475271.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP120\A0475404.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP138\A0478250.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP156\A0479176.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP165\A0479583.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP185\A0481902.DLL

    Trojan.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WAPISVTR.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIST1.HTM.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP106\A0471516.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP185\A0481896.EXE

    Unclassified.Unknown Origin/System
    C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINST2.HTM.VIR

    Adware.Toolbar888
    C:\RECYCLER\S-1-5-21-2884810101-255598207-4268651657-1011\DC77\SYSTEM.DLL
    C:\RECYCLER\S-1-5-21-2884810101-255598207-4268651657-1011\DC80\SYSTEM.DLL
    C:\RECYCLER\S-1-5-21-2884810101-255598207-4268651657-1011\DC81\SYSTEM.DLL
    C:\RECYCLER\S-1-5-21-2884810101-255598207-4268651657-1011\DC82\SYSTEM.DLL
    C:\RECYCLER\S-1-5-21-2884810101-255598207-4268651657-1011\DC83\SYSTEM.DLL
    C:\RECYCLER\S-1-5-21-2884810101-255598207-4268651657-1011\DC84\SYSTEM.DLL

    Trojan.YourEnhancement
    C:\WINDOWS\109UNINST.EXE

    Adware.RAC
    C:\WINDOWS\ACDT-PID64.EXE

    Adware.Unknown Origin
    C:\_OTMOVEIT\MOVEDFILES\PROGRAM FILES\COMMON FILES\RIRM\RIRMD\CLASS-BARREL
    C:\_OTMOVEIT\MOVEDFILES\PROGRAM FILES\COMMON FILES\RIRM\RIRMD\VOCABULARY
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O20 - Winlogon Notify: ipcr - c:\windows\help\sbsi\ipcr.dll (file missing)

    Close all applications and browser windows before you click "fix checked".


    How is it running now? Any problems?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/591850

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice