What the Tech logo
Welcome! Register for a free account (or login) > How does it work?
  1. Quickly register. It will only take 60 seconds.
  2. Start a new topic. Ask your question. Wait for an email reply.
  3. Is your system infected? Begin reading the malware removal guide.
 register button
 
 Closed TopicStart new topic
> [Resolved] Pop-ups During Startup and Continuous Running Hard Dri, Common and Search folders popup and continuously running hard drive
Numb3rsMan
post Jul 26 2008, 07:22 PM
Post #1


New Member
*

Group: New Member
Posts: 8
Joined: 29-June 08
From: Chicago, IL
Member No.: 79,938
Operating System: WindowsXP
When I start my computer two folders popup. They are Common which is in my Program Files folder and Search which has the file YSearchSuggest.dll and is located in Yahoo! which is located in Program Files.

I also have a concern with my hard drive. At times it will start to run as if a program or something is running. This happens when nothing is being executed, it draws all of my memory and brings my system to a halt until what ever is running completes.

I have run Ad-Aware, AT&T Yahoo Anti-Spy, Windows Defender and they find nothing. Thank you in advance for you assistance.

Below is my log from Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 8:01:13 PM, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AutoLoginBHO Class - {51D72277-601E-4D4C-915D-113E34F61523} - C:\Program Files\Lenderlab\AutoLogin\IE\LLB_AL.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Parnell Jackson\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...04YYUS_zuzeb002
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?4df01b9216da4745908eb0738135e1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?4df01b9216da4745908eb0738135e1
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.ushealthadvisors.com
O16 - DPF: ADVFN US - http://www.advfn.com/advfn_us8.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: Yahoo! Dominoes - http://origin.games.yahoo.net/games/clients/y/dot9_x.cab
O16 - DPF: Yahoo! Games Voice Chat - http://presence.games.yahoo.com/yog/y/va1_x.cab
O16 - DPF: Yahoo! Gin - http://origin.games.yahoo.net/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.republicrefund.com/smsx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Download/HPe...sLocalPrint.CAB
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.76.downloads.estara.com....775026OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161790354311
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs6b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://beta.moneycentral.msn.com/cabs/webinst.exe
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloan.com/CAB/PtClickLoan/1...PtClickLoan.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://flagstar.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.custhelp.com/7530-b327h/rnl/java/RntX.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://trueswitch.com/TrueInstall.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
Go to the top of the page
 
+Quote Post
Tomk
post Jul 31 2008, 12:59 PM
Post #2


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,314
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
Hi Numb3rsMan, and Welcome to WhatTheTech

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Then

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
Go to the top of the page
 
+Quote Post
Numb3rsMan
post Jul 31 2008, 02:29 PM
Post #3


New Member
*

Group: New Member
Posts: 8
Joined: 29-June 08
From: Chicago, IL
Member No.: 79,938
Operating System: WindowsXP
After running ATF Cleaner and Malwarebytes my computer still has two folders poping up upon startup . They are Common which is in my Program Files folder and Search which has the file YSearchSuggest.dll and is located in Yahoo! which is located in Program Files.

I would assume that the problem concerning my hard drive still persists. At times it will start to run as if a program or something is running. This happens when nothing is being executed, it draws all of my memory and brings my system to a halt until what ever is running completes.

Malwarebytes' Anti-Malware 1.23
Database version: 1003
Windows 5.1.2600 Service Pack 3

2:56:13 PM 7/31/2008
mbam-log-7-31-2008 (14-56-13).txt

Scan type: Quick Scan
Objects scanned: 50064
Time elapsed: 27 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\atmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:15 PM, on 7/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AutoLoginBHO Class - {51D72277-601E-4D4C-915D-113E34F61523} - C:\Program Files\Lenderlab\AutoLogin\IE\LLB_AL.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Parnell Jackson\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?4df01b9216da4745908eb0738135e1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?4df01b9216da4745908eb0738135e1
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.ushealthadvisors.com
O16 - DPF: ADVFN US - http://www.advfn.com/advfn_us8.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: Yahoo! Dominoes - http://origin.games.yahoo.net/games/clients/y/dot9_x.cab
O16 - DPF: Yahoo! Games Voice Chat - http://presence.games.yahoo.com/yog/y/va1_x.cab
O16 - DPF: Yahoo! Gin - http://origin.games.yahoo.net/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.republicrefund.com/smsx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Download/HPe...sLocalPrint.CAB
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.76.downloads.estara.com....775026OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161790354311
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs6b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://beta.moneycentral.msn.com/cabs/webinst.exe
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloan.com/CAB/PtClickLoan/1...PtClickLoan.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://flagstar.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.custhelp.com/7530-b327h/rnl/java/RntX.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://trueswitch.com/TrueInstall.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 15882 bytes

Thank you for your time and effort. thumbup.gif thumbup.gif
Go to the top of the page
 
+Quote Post
Tomk
post Jul 31 2008, 03:22 PM
Post #4


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,314
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
Numb3rsMan,


A. Please download ComboFix by sUBs from HERE or HERE directly to your Desktop.

Note: If you already have ComboFix on your machine, please DELETE it from your desktop before downloading the newest version.

B. Now we must disable some of your security programs so that they do not interfere with the running of our tools:

WINDOWS DEFENDER
  • Click Start > Programs > Windows Defender or launch from the system tray icon.
  • Click on Tools & Settings > Options.
  • Under Real-time protection options, uncheck the "Real-time protection" check box.
  • Click Save.
  • Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.
  • (When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.)


AD-AWARE AD-WATCH
  • Right click on the Ad-Watch icon in the system tray.
  • At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    • Active: This will turn Ad-Watch On\Off without closing it.
    • Automatic: Suspicious activity will be blocked automatically.
  • Uncheck both of those boxes.
  • (When done, you can re-enable it using the same steps but this time check both boxes.)



C.Go to -> Run -> copy/paste the following single line command in the runbox & click OK

"%userprofile%\desktop\combofix.exe" /killall

  • DO NOT USE your computer for any other purpose while ComboFix is running.
  • ComboFix may restart your computer, this is normal.
  • When finished, it will produce a log, ComboFix.txt.
  • Please post ComboFix.txt in your next reply along with a new HijackThis log.



Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Go to the top of the page
 
+Quote Post
Numb3rsMan
post Jul 31 2008, 04:57 PM
Post #5


New Member
*

Group: New Member
Posts: 8
Joined: 29-June 08
From: Chicago, IL
Member No.: 79,938
Operating System: WindowsXP
My first attempts to download "ComboFix" met with failure. I clicked on both links and continue to receive an error message. I went online and downloaded the execute file to my desktop. This did not allow me to disable "Windows Defender" or "Ad-Aware Ad-Watch" before the the "ComboFix" scan ran. Upon clicking the "ComboFix.exe" on my desktop it ran automatically. I also was not able to enter the command '%userprofile%/desktop/combofix.exe" /kill all before the scan ran. Please find the "ComboFix" scan report below:

ComboFix 08-07-31.01 - Parnell Jackson 2008-07-31 17:02:58.1 - NTFSx86
Running from: C:\Documents and Settings\Parnell Jackson\Desktop\ComboFix.exe
* Created a new restore point

[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Denise Jackson\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\#SharedObjects\37DTTYMS\interclick.com
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\#SharedObjects\37DTTYMS\interclick.com\ud.sol
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Keith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Parnell Jackson\Application Data\macromedia\Flash Player\#SharedObjects\7RGCK3GP\interclick.com
C:\Documents and Settings\Parnell Jackson\Application Data\macromedia\Flash Player\#SharedObjects\7RGCK3GP\interclick.com\ud.sol
C:\Documents and Settings\Parnell Jackson\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Parnell Jackson\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\MabryObj.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-31 14:59 . 2008-07-31 14:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-31 14:01 . 2008-07-31 14:01 <DIR> d-------- C:\WITHDRAWN
2008-07-30 07:35 . 2008-07-31 15:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-30 07:35 . 2008-07-30 07:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-29 22:45 . 2008-07-29 23:52 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\Skype
2008-07-29 22:33 . 2008-07-29 22:33 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\Roxio
2008-07-28 18:23 . 2008-07-28 18:23 <DIR> d-------- C:\Documents and Settings\Parnell Jackson\Application Data\Malwarebytes
2008-07-28 18:22 . 2008-07-28 18:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 18:22 . 2008-07-28 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 18:22 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-07-28 18:22 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-07-20 21:36 . 2008-07-20 21:36 <DIR> d-------- C:\NVIDIA
2008-07-20 21:36 . 2008-06-16 16:34 446,464 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-07-20 21:14 . 2008-07-20 21:14 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-07-19 19:08 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\SYSTEM32\d3dx9_32.dll
2008-07-19 19:08 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\SYSTEM32\d3dx9_31.dll
2008-07-19 19:08 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\SYSTEM32\xactengine2_5.dll
2008-07-19 19:08 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\SYSTEM32\xactengine2_4.dll
2008-07-19 19:08 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\SYSTEM32\xactengine2_3.dll
2008-07-19 19:08 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\SYSTEM32\xinput1_3.dll
2008-07-19 19:08 . 2006-11-15 11:38 15,128 --a------ C:\WINDOWS\SYSTEM32\x3daudio1_1.dll
2008-07-19 19:07 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\SYSTEM32\xinput1_2.dll
2008-07-19 19:03 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-07-02 12:55 . 2008-07-30 10:33 <DIR> d-------- C:\Documents and Settings\Parnell Jackson\Application Data\skypePM
2008-07-02 12:55 . 2008-07-02 12:55 56 --ah----- C:\WINDOWS\SYSTEM32\ezsidmv.dat
2008-07-02 12:53 . 2008-07-02 12:53 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-30 03:24 . 2008-07-16 17:34 <DIR> d-------- C:\Documents and Settings\Parnell Jackson\Application Data\wsInspector
2008-06-30 03:04 . 2008-06-30 03:08 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2008-06-29 23:31 . 2008-06-29 23:31 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-22 01:36 . 2008-06-28 19:30 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\mjusbsp
2008-06-20 12:46 . 2008-06-20 12:46 245,248 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 12:46 . 2008-06-20 12:46 147,968 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 06:51 . 2008-06-20 06:51 361,600 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 06:40 . 2008-06-20 06:40 138,496 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 06:08 . 2008-06-20 06:08 225,856 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-20 03:03 . 2008-07-09 03:06 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-06-18 00:40 . 2008-06-18 00:40 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\MySpace
2008-06-18 00:36 . 2008-06-18 00:36 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\Share-to-Web Upload Folder
2008-06-18 00:34 . 2008-06-18 00:36 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\Yahoo!
2008-06-17 23:15 . 2008-07-30 23:57 <DIR> d-------- C:\Documents and Settings\Keith
2008-06-17 00:16 . 2008-06-17 00:16 <DIR> d-------- C:\Documents and Settings\Parnell Jackson\Application Data\MySpace
2008-06-17 00:15 . 2008-07-29 22:04 <DIR> d-------- C:\Program Files\MySpace
2008-06-13 10:57 . 2008-06-13 10:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-06-13 10:57 . 2008-06-13 10:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-06-13 10:57 . 2008-06-13 10:57 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-13 10:15 . 2008-04-13 19:12 1,306,624 --------- C:\WINDOWS\SYSTEM32\msxml6.dll
2008-06-13 10:14 . 2008-04-13 19:11 650,752 --------- C:\WINDOWS\SYSTEM32\dot3ui.dll
2008-06-11 04:00 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-11 04:00 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 17:34 --------- d-----w C:\Documents and Settings\Parnell Jackson\Application Data\Skype
2008-07-28 19:01 --------- d-----w C:\Program Files\Classic PhoneTools
2008-07-08 18:01 60,744 ----a-w C:\WINDOWS\JAVA\g2mdlhlpx.exe
2008-07-03 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-06-30 03:24 --------- d-----w C:\Documents and Settings\Parnell Jackson\Application Data\mjusbsp
2008-06-24 00:54 --------- d-----w C:\Documents and Settings\Parnell Jackson\Application Data\uTorrent
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-15 23:12 336,520 ----a-w C:\WINDOWS\JAVA\Packages\L3DBJTB3.ZIP
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\SYSTEM32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\SYSTEM32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\SYSTEM32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\SYSTEM32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\SYSTEM32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\SYSTEM32\setupapi.dll
2008-04-14 10:42 11,264 ------w C:\WINDOWS\SYSTEM32\spnpinst.exe
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\SYSTEM32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\SYSTEM32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\SYSTEM32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\SYSTEM32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\SYSTEM32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\SYSTEM32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\SYSTEM32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\SYSTEM32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\SYSTEM32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\SYSTEM32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\SYSTEM32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\SYSTEM32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\SYSTEM32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\SYSTEM32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\SYSTEM32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\SYSTEM32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\SYSTEM32\msshavmsg.dll
2008-04-13 17:39 438,784 ------w C:\WINDOWS\SYSTEM32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\SYSTEM32\xpsp2res.dll
2008-04-13 17:39 187,392 ------w C:\WINDOWS\SYSTEM32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\SYSTEM32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\SYSTEM32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\SYSTEM32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\SYSTEM32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\SYSTEM32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\SYSTEM32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\SYSTEM32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\SYSTEM32\qedwipes.dll
2008-04-13 17:09 4,096 ------w C:\WINDOWS\SYSTEM32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\SYSTEM32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\SYSTEM32\shdoclc.dll
2008-04-13 16:48 1,647,616 ------w C:\WINDOWS\SYSTEM32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\SYSTEM32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\SYSTEM32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\SYSTEM32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\SYSTEM32\msimsg.dll
2007-05-26 08:12 87,608 ----a-w C:\Documents and Settings\Parnell Jackson\Application Data\ezpinst.exe
2007-05-26 08:12 47,360 ----a-w C:\Documents and Settings\Parnell Jackson\Application Data\pcouffin.sys
2005-02-15 01:05 91,088 -c--a-w C:\Documents and Settings\Parnell Jackson\Application Data\GDIPFONTCACHEV1.DAT
2003-04-10 20:28 723 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 17:10 224248]
"cdloader"="C:\Documents and Settings\Parnell Jackson\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 14:37 50520]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:12 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2004-09-15 03:52 393216]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2007-03-10 10:46 185456]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2007-03-10 10:46 230512]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 20:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 20:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 09:35 20480]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43 407032]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16 5058560]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41 28738]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 14:30 98304]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 15:16 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-10-28 14:45:53 45056]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2003-12-05 18:52:09 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\System32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\System32\ir32_32.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Parnell Jackson\\Application Data\\mjusbsp\\magicJack.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 11:20]
S3 DCamUSBSvis;Sound Vision Stream Driver;C:\WINDOWS\system32\DRIVERS\svstream.sys [2001-07-18 14:25]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2002-06-25 16:38]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-07-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-07-31 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE []

2008-07-31 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-07-31 C:\WINDOWS\Tasks\User_Feed_Synchronization-{97D1C862-3AA1-47EA-8AE7-E873F5E823D1}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Parnell Jackson\Application Data\Mozilla\Firefox\Profiles\cwq17p5k.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-upgrd&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://att.yahoo.com/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 17:24:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-31 17:37:27
ComboFix-quarantined-files.txt 2008-07-31 22:36:34

Pre-Run: 16,085,127,168 bytes free
Post-Run: 16,155,185,152 bytes free

239 --- E O F --- 2008-07-29 21:03:30


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:34 PM, on 7/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AutoLoginBHO Class - {51D72277-601E-4D4C-915D-113E34F61523} - C:\Program Files\Lenderlab\AutoLogin\IE\LLB_AL.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Parnell Jackson\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?4df01b9216da4745908eb0738135e1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?4df01b9216da4745908eb0738135e1
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://*.ushealthadvisors.com
O16 - DPF: ADVFN US - http://www.advfn.com/advfn_us8.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: Yahoo! Dominoes - http://origin.games.yahoo.net/games/clients/y/dot9_x.cab
O16 - DPF: Yahoo! Games Voice Chat - http://presence.games.yahoo.com/yog/y/va1_x.cab
O16 - DPF: Yahoo! Gin - http://origin.games.yahoo.net/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.republicrefund.com/smsx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Download/HPe...sLocalPrint.CAB
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.76.downloads.estara.com....775026OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161790354311
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs6b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://beta.moneycentral.msn.com/cabs/webinst.exe
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloan.com/CAB/PtClickLoan/1...PtClickLoan.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://flagstar.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.custhelp.com/7530-b327h/rnl/java/RntX.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://trueswitch.com/TrueInstall.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 15163 bytes[/b] unsure.gif unsure.gif
Go to the top of the page
 
+Quote Post
Tomk
post Jul 31 2008, 05:39 PM
Post #6


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,314
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
Numb3rsMan,

Disable your protection programs as we did before.

  • Please open HijackThis and run Do a system scan only
  • Check the boxes next to ONLY the entries listed below(if present):
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

  • Close all programs except for HijackThis.
  • Click on Fix checked
  • A box will pop up asking you if you wish to fix the selected items. Please choose YES.
  • Once it has fixed them, please exit/close HijackThis.



Then

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


In your next reply please provide:
  • Kaspersky report
  • New HijackThis log taken after everything else completed


How are things running now?
Go to the top of the page
 
+Quote Post
Numb3rsMan
post Aug 1 2008, 05:18 AM
Post #7


New Member
*

Group: New Member
Posts: 8
Joined: 29-June 08
From: Chicago, IL
Member No.: 79,938
Operating System: WindowsXP
unsure.gif wacko.gif Greetings Tomk and thank you for the assistance that you have provided. The same two folders are still popping up when I start my computer. They are Common which is in my Program Files folder and Search which has the file YSearchSuggest.dll and is located in Yahoo! which is located in Program Files.

I must assume that the hard is still performing as before. At times it will start to run as if a program or something is running. This happens when nothing is being executed, it draws all of my memory and brings my system to a halt until what ever is running completes.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, August 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 01, 2008 03:36:18
Records in database: 1037634
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 212520
Threat name: 1
Infected objects: 0
Suspicious objects: 1
Duration of the scan: 03:38:53


File name / Threat name / Threats count
C:\Program Files\Yahoo!\YPSR\Quarantine\20060206072844.zip Suspicious: Password-protected-EXE 1

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:00 AM, on 8/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AutoLoginBHO Class - {51D72277-601E-4D4C-915D-113E34F61523} - C:\Program Files\Lenderlab\AutoLogin\IE\LLB_AL.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Parnell Jackson\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?4df01b9216da4745908eb0738135e1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?4df01b9216da4745908eb0738135e1
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.ushealthadvisors.com
O16 - DPF: ADVFN US - http://www.advfn.com/advfn_us8.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: Yahoo! Dominoes - http://origin.games.yahoo.net/games/clients/y/dot9_x.cab
O16 - DPF: Yahoo! Games Voice Chat - http://presence.games.yahoo.com/yog/y/va1_x.cab
O16 - DPF: Yahoo! Gin - http://origin.games.yahoo.net/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.republicrefund.com/smsx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab48295.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Download/HPe...sLocalPrint.CAB
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.76.downloads.estara.com....775026OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161790354311
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs6b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://beta.moneycentral.msn.com/cabs/webinst.exe
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloan.com/CAB/PtClickLoan/1...PtClickLoan.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://flagstar.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.custhelp.com/7530-b327h/rnl/java/RntX.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://trueswitch.com/TrueInstall.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 16020 bytes


pullhair.gif unsure.gif
Go to the top of the page
 
+Quote Post
Tomk
post Aug 1 2008, 09:08 AM
Post #8


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,314
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
Numb3rsMan,

Log looks good biggrin.gif

I realize that you still have issues but as far as I can tell your malware is gone. I suggest that you pose a question about your continued problems in the windows forum. If you do so, please provide them with a link to this topic so they can see what was done here.


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Note the space between the X and the U, it needs to be there.

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
(Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
Without a firewall your computer is succeptible to being hacked and taken over.
I am very serious about this and see it happen almost every day with my clients.
Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Keep Microsoft Windows Updated - This will ensure your computer has always the latest security updates available installed on your computer. The easiest way to do this is to turn on Automatic Updates. Do this by:
  • From your desktop, right-click on My Computer,
  • click on Properties
  • Select the Automatic Updates tab
  • Click on Automatic
  • Click on Apply button
  • Click on OK to exit.

If there are new updates to install, install them immediately, until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Using IE-SPYAD to help block unwanted sites and activities

Winpatrol


Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.


Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. thumbup.gif
Go to the top of the page
 
+Quote Post
Tomk
post Aug 4 2008, 06:59 PM
Post #9


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,314
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Go to the top of the page
 
+Quote Post
Tomk
post Aug 5 2008, 12:17 PM
Post #10


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,314
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
This topic has been reopened at the request of the user.
Go to the top of the page
 
+Quote Post
Numb3rsMan
post Aug 5 2008, 11:41 PM
Post #11


New Member
*

Group: New Member
Posts: 8
Joined: 29-June 08
From: Chicago, IL
Member No.: 79,938
Operating System: WindowsXP
thumbup.gif woot.gif Dear Tomk.

Thank you for your lending your time and expertise. It is greatly appreciated. I've done as you requested and installed the following:

1, SpywareBlaster
2. ZonedOut w/IE-SPYAD
3. Winpatrol

I've also read "So how did I get infected in the first place" by Tony Klein.

I will do as you suggest and pose a question about my continued problems int he windows forum.

Again I thank you for the lending of your time and expertise.

Respectfully,

Numb3rsMan thumbup.gif thumbup.gif

This post has been edited by Numb3rsMan: Aug 5 2008, 11:43 PM
Go to the top of the page
 
+Quote Post
Tomk
post Aug 6 2008, 08:20 AM
Post #12


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,314
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
Numb3rsMan,

Glad we could help.

Good Luck and be Well. thumbup.gif
Go to the top of the page
 
+Quote Post
Tomk
post Aug 6 2008, 08:20 AM
Post #13


Forum God / Classroom Admin Assistant
Group Icon

Group: Classroom Teacher
Posts: 12,314
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Go to the top of the page
 
+Quote Post
« Next Oldest · Infections Removal · Next Newest »
 

Closed TopicStart new topic

 
RSS Time is now: 18th March 2010 - 08:41 PM
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
Powered By IP.Board © 2010  IPS, Inc.