
Baseline Log


  • This topic is locked
11 replies to this topic

#1 penroze

  • New Member
  • 5 posts

Posted 11 May 2007 - 06:14 PM

I have run Spybot and Adaware and AVG Spyware and Kaspersky and AntiVir scanners and last found a free keylogger on my computer after I had thought it was finally clean. I'm trying out Hijack This. I am especially concerned about the unknown wsock entry and xdbfoaw.exe in win.ini in my Log. Can someone help me with my log? Thank you! :wavey:
I have lost my default sound driver somewhere along the way. Kaspersky or Zone alarm says both my browsers are loading with command prompt options. Whatever that means....

I use windows xp home edition and internet explorer and foxfire.

Logfile of HijackThis v1.99.1
Scan saved at 4:52:57 PM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://losangeles.craigslist.org/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xdbfoaw.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 May 2007 - 07:39 PM

Hello and Welcome to the forum.

"I am especially concerned about the unknown wsock entry"

That one is OK.

You're running 2 anti-virus programs. That can cause all types of problems.
You need to uninstall one of them.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
One of the anti-virus programs



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xdbfoaw.exe

Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete this File if listed:
xdbfoaw.exe


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.


Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 penroze


Posted 14 May 2007 - 08:06 AM

SpyBot keeps finding "Free Keylogger" on my system and it keeps redetecting the same malwares even when a pre windows startup scan is run. Please help! I typed a longer post but windows needed to close and I lost it. So I'm making this one short....

My antivirus Kaspersky (trial version) keeps needing to close. And it is password protected.

Logfile of HijackThis v1.99.1
Scan saved at 6:59:22 AM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://losangeles.craigslist.org/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hope you all can help! Thank you! :wavey:

Edited by penroze, 14 May 2007 - 08:08 AM.
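
The check applied to the F2 entry in this thread, as an added example (not part of the original posts and not HijackThis's own code): a Python helper that flags any program chained onto the UserInit value and diffs two HijackThis logs to confirm the entry is gone after the fix. The log excerpts are shortened from the two logs posted above; the function names and the rule that the only expected item ends in `\system32\userinit.exe` are assumptions of this example.

```python
import re
from ntpath import normpath  # Windows path rules, usable on any OS

# HijackThis entry lines start with a section code, e.g. "F2 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Shortened excerpts of the logs posted in this thread (before and after the fix).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://losangeles.craigslist.org/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xdbfoaw.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://losangeles.craigslist.org/
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
"""


def parse_entries(log_text):
    """Return (section, detail) tuples for every HijackThis entry line.

    Header lines and the 'Running processes' list do not match the
    'XN - ...' pattern and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def userinit_extras(entries):
    """Return items in F2 UserInit entries other than the stock userinit.exe.

    The Userinit value is a comma-separated list that Winlogon runs at
    logon, so anything chained after userinit.exe starts with every
    session. Assumption of this example: the legitimate item is the one
    whose path ends in \\system32\\userinit.exe.
    """
    extras = []
    for section, detail in entries:
        if section != "F2" or "userinit=" not in detail.lower():
            continue
        value = detail.split("=", 1)[1]
        for item in value.split(","):
            item = item.strip().strip('"')
            if not item:
                continue  # the default value ends with a trailing comma
            if not normpath(item).lower().endswith("\\system32\\userinit.exe"):
                extras.append(item)
    return extras


def diff_entries(before_text, after_text):
    """Return (removed, added) entry lists between two HijackThis logs."""
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    print("Chained after userinit.exe (before):",
          userinit_extras(parse_entries(LOG_BEFORE)))
    print("Chained after userinit.exe (after): ",
          userinit_extras(parse_entries(LOG_AFTER)))
    removed, added = diff_entries(LOG_BEFORE, LOG_AFTER)
    for section, detail in removed:
        print("removed:", section, "-", detail)
    for section, detail in added:
        print("added:  ", section, "-", detail)
```

A clean F2 check in the follow-up log only shows the autostart value was reset; the file it pointed to still has to be located and removed separately, as the instructions above do.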


#4 LDTate


Posted 14 May 2007 - 02:10 PM

Please don't start a new topic. Keep your post in this topic.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please use the Posted Image Button below to reply.



#5 penroze


Posted 15 May 2007 - 12:53 AM

I ran Combo, ATF Cleaner, and Spybot.

Combo log
"Owner" - 2007-05-14 23:44:46 Service Pack 2
ComboFix 07-05.11.5V - Running from: "C:\Documents and Settings\Owner\Desktop\INSTALLS\kingston add ons\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Owner
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\Owner\APPLIC~1\SCURIT~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1\SCURIT~1
C:\qoobox\purity\C\DOCUME~1\Owner\MYDOCU~1\YMBOLS~1
C:\qoobox\purity\C\Program Files\SSTEM3~1
C:\qoobox\purity\C\Program Files\Common Files\SEMBLY~1
C:\qoobox\purity\C\Program Files\Common Files\SKS~1
C:\qoobox\purity\C\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\C\WINDOWS\SEMBLY~1
C:\qoobox\purity\C\WINDOWS\system32\DOBE~1
C:\qoobox\purity\C\WINDOWS\system32\MCROSO~1
C:\qoobox\purity\C\WINDOWS\system32\MCROSO~1.NET
C:\qoobox\purity\C\WINDOWS\system32\SEMBLY~1
C:\qoobox\purity\C\WINDOWS\system32\SSTEM3~1
C:\qoobox\purity\C\WINDOWS\system32\YMANTE~1


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-14 ))))))))))))))))))))))))))))))))))


2007-05-14 23:18 <DIR> d-------- C:\Program Files\Elprime Media Recovery
2007-05-13 21:19 <DIR> d-------- C:\Program Files\Hasbro Interactive
2007-05-11 18:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-11 17:45 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-11 16:51 <DIR> d-------- C:\Program Files\Hijack
2007-05-11 11:34 <DIR> d-------- C:\Program Files\New Folder
2007-05-11 01:23 77,824 --a------ C:\WINDOWS\system32\CDVPreviewEx.dll
2007-05-11 01:23 237,568 --a------ C:\WINDOWS\CDLaunch.exe
2007-05-11 01:23 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\CSOdessa
2007-05-11 01:22 <DIR> d-------- C:\Program Files\CS Odessa
2007-05-11 01:18 <DIR> d-------- C:\Program Files\SlimBrowser
2007-05-11 01:18 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SlimBrowser
2007-05-11 00:19 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\iView
2007-05-10 23:58 <DIR> d-------- C:\Program Files\Pradis
2007-05-10 23:56 <DIR> d-------- C:\Program Files\iView Catalog Reader
2007-05-10 13:46 0 --a------ C:\WINDOWS\system32\sys_dll.dll
2007-05-10 00:14 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\GlarySoft
2007-05-10 00:12 <DIR> d-------- C:\Program Files\Glary Utilities
2007-05-09 23:43 <DIR> d-------- C:\Program Files\Easy RSS Content Generator
2007-05-09 18:35 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\elefundesktops
2007-05-09 16:23 <DIR> d-------- C:\Temp
2007-05-09 16:21 <DIR> d-------- C:\Program Files\Super Blocks
2007-05-08 00:55 <DIR> d-------- C:\Program Files\DoyleSoft
2007-05-07 14:34 <DIR> d-------- C:\Program Files\CDBurnerXP Pro 3
2007-05-07 14:21 <DIR> d-------- C:\Program Files\MesNews
2007-05-07 14:16 <DIR> d-------- C:\Program Files\InControl
2007-05-07 14:13 <DIR> d-------- C:\Program Files\Ronin Solitaire
2007-05-07 14:10 <DIR> d-------- C:\Program Files\EleFun Desktops
2007-05-07 14:07 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\elefundesktops
2007-05-06 17:25 <DIR> d-------- C:\Program Files\Alive Games
2007-05-06 17:25 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Alive Games
2007-05-06 17:18 <DIR> d-------- C:\Program Files\Identity Knight
2007-05-06 16:00 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2007-05-06 16:00 <DIR> d-------- C:\Program Files\Belarc
2007-05-05 18:02 4,027,840 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-05-05 18:02 315,392 --a------ C:\WINDOWS\alcupd.exe
2007-05-05 18:02 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2007-05-05 18:02 147,456 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-05-05 18:02 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2007-05-05 18:02 <DIR> d-------- C:\Program Files\Realtek AC97
2007-05-05 17:54 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-05-05 17:54 577,536 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-05-05 17:54 2,879,488 --a------ C:\WINDOWS\SkyTel.exe
2007-05-05 17:54 2,808,832 --a------ C:\WINDOWS\alcwzrd.exe
2007-05-05 17:54 2,157,568 --a------ C:\WINDOWS\MicCal.exe
2007-05-05 17:54 16,125,440 --a------ C:\WINDOWS\RTHDCPL.exe
2007-05-05 17:53 9,709,568 --a------ C:\WINDOWS\RTLCPL.exe
2007-05-05 17:53 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-05-05 17:53 4,484,608 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-05-05 17:53 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2007-05-05 17:53 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-05-05 17:53 <DIR> d-------- C:\Program Files\Realtek
2007-05-05 17:52 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2007-05-05 17:52 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-05-05 17:29 <DIR> d-------- C:\swsetup
2007-05-05 16:23 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-05-05 16:23 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-05-05 16:23 5,438,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-05 16:23 115,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-05 16:23 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-05-05 16:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-05-05 16:19 <DIR> d-------- C:\KAV
2007-05-04 22:25 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Leadertech
2007-05-04 22:21 <DIR> d-------- C:\Program Files\GRETECH
2007-05-04 22:14 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc
2007-05-04 22:13 <DIR> d-------- C:\Program Files\VideoLAN
2007-05-04 21:10 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-05-04 21:10 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-05-04 21:09 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-04 20:59 <DIR> d-------- C:\Program Files\IMBT
2007-05-04 20:59 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\IMBT
2007-05-04 20:53 <DIR> d-------- C:\Program Files\7-Zip
2007-05-04 20:47 2,301 --a------ C:\WINDOWS\mozver.dat
2007-05-04 20:47 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-04 20:41 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-04 14:26 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-04 14:25 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-04 13:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-04 13:23 <DIR> d-------- C:\Program Files\Yahoo!
2007-05-04 13:23 <DIR> d-------- C:\Program Files\CCleaner
2007-05-04 09:45 12,288,463 --------- C:\AVG7QT.DAT
2007-05-04 09:17 636,502 -ra------ C:\WINDOWS\system32\drivers\PRISMUSB.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-14 15:48:16 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-11 18:53:11 -------- d-----w C:\Program Files\AIM
2007-05-11 08:22:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-10 02:24:15 25,968 ----a-w C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-04 21:06:27 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-04 21:06:26 -------- d-----w C:\Program Files\Symantec
2007-05-04 20:53:45 -------- d-----w C:\Program Files\Google
2007-05-04 20:42:14 -------- d-----w C:\Program Files\The Weather Channel FW
2007-05-04 18:10:39 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Google
2007-05-04 17:33:33 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-05-04 17:30:42 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-05-04 17:30:18 -------- d-----w C:\Program Files\Lavasoft


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\
Security Packages kerberosmsv1_0schannelwdigest\
Notification Packages scecli\

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe reader speed launch.lnk
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe reader synchronizer.lnk
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^trojan guarder gold version.lnk

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^owner^start menu^programs^startup^think-adz.lnk

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^owner^start menu^programs^startup^z_start.lnk

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!avg anti-spyware
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amazing3daquariumwallpaper


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dropspam lifestyle

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dw4

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\elefunanimatedwallpaper


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exploreupdsched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotkeyscmds
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imjpmig8.1
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kqqi

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxsupmon
C:\WINDOWS\system32\LXSUPMON.EXE RUN

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspy2002
C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck
C:\WINDOWS\system32\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oe_drop_spam

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phime2002a
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phime2002async
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qdvfzp

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ruoo

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spamblocker

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viewmgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webhancer agent

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webhancer survey companion


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService DnsCache\
rpcss RpcSs\
imgsvc StiSvc\
termsvcs TermService\
HTTPFilter HTTPFilter\
DcomLaunch DcomLaunchTermService\

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070505-165654-118
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
backup-20070505-165653-537
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20070505-165654-389
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20070505-165653-903
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
backup-20070505-165653-999
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
backup-20070505-165652-802
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
backup-20070505-165652-128
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...0.19/ttinst.cab
backup-20070505-165651-148
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
backup-20070505-165651-794
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
backup-20070505-165650-162
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.c.../mv/p3bvset.cab
backup-20070505-165649-289
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
backup-20070505-165647-503
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...oad/tgctlcm.cab
backup-20070505-165647-476
O3 - Toolbar: (no name) - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - (no file)
backup-20070505-165647-288
O2 - BHO: (no name) - {A6DA9DA6-0714-7ACC-4503-57F07FCD6C9E} - C:\WINDOWS\system32\zte.dll (file missing)
backup-20070505-165647-955
R3 - URLSearchHook: (no name) - {A6DA9DA6-0714-7ACC-4503-57F07FCD6C9E} - C:\WINDOWS\system32\zte.dll (file missing)
backup-20070505-165647-175
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
backup-20070505-165647-128
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-14 23:48:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-14 23:48:34
C:\ComboFix-quarantined-files.txt ... 2007-05-14 23:48

*******************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 11:51:38 PM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://losangeles.craigslist.org/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I'm sorry about posting twice. I couldn't find my previous post. Thank you for your help.
New HJT Log

#6 LDTate


Posted 15 May 2007 - 06:28 PM

I only see what that needs fixed.

Delete this File if listed:
C:\WINDOWS\system32\sys_dll.dll

How's it running?



#7 penroze


Posted 17 May 2007 - 09:54 AM

My computer still does not have sound. I think a past/now cleaned virus must have deleted or disabled the driver. I tried installing media controller AC97 and it crashed my Dell system. Aside from that, my system is not acting funny or going slow now. Thank you for your help!!!

#8 LDTate


Posted 17 May 2007 - 02:40 PM

Please do not delete anything unless instructed to.


Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exploreupdsched]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kqqi]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oe_drop_spam]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qdvfzp]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ruoo]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viewmgr]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webhancer agent]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webhancer survey companion]


On the desktop, doubleclick fix.reg and allow it to run. Let it merge.



1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
dropspam lifestyle
trojan guarder gold
viewpoint manager



Delete these Files if listed:
c:\documents and settings\all users\start menu\programs\startup\trojan guarder gold version.lnk
c:\documents and settings\owner\start menu\programs\startup\think-adz.lnk
c:\documents and settings\owner\start menu\programs\startup\z_start.lnk

Empty recycle bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
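A way to review a .reg file like the one in the post above before merging it, added here as an example and not part of the original post. The function name `review_reg` and the expected key prefix are assumptions made for this example; the sample holds the first three deletions from fixme.reg.

```python
import re

# First three key deletions copied from fixme.reg in the post above.
FIXME_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exploreupdsched]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kqqi]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oe_drop_spam]
"""

# Assumption: this fix should only touch msconfig's list of disabled startup items.
EXPECTED_PREFIX = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg" + "\\"

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")  # [-KEY] removes KEY and its subkeys


def review_reg(text, expected_prefix=EXPECTED_PREFIX):
    """Summarise what merging a .reg file would do, without touching the registry."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    report = {"header_ok": bool(lines) and lines[0] in HEADERS,
              "deleted_keys": [], "other_changes": [], "out_of_scope": []}
    body = lines[1:] if report["header_ok"] else lines
    current = None
    for line in body:
        m = KEY.match(line)
        if m:
            current = m["key"]
            if m["delete"]:
                report["deleted_keys"].append(current)
            if not current.lower().startswith(expected_prefix.lower()):
                report["out_of_scope"].append(current)
        elif not line.startswith(";"):
            # A value assignment, or a "name"=- value deletion, under `current`.
            report["other_changes"].append((current, line))
    return report


if __name__ == "__main__":
    for field, value in review_reg(FIXME_REG).items():
        print(field, "=", value)
```

An empty `out_of_scope` list and an empty `other_changes` list mean the file only deletes keys under the expected path.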

 


#9 penroze

penroze

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 20 May 2007 - 01:09 PM

I just installed McAfee anti-virus. This is my newest log. None of the files or processes you named in the last entry were on my computer. So I couldn't delete them.

Logfile of HijackThis v1.99.1
Scan saved at 12:06:03 PM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\WiredPlane\WireKeys\WireKeys.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://losangeles.craigslist.org/
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Magnifier.lnk = C:\WINDOWS\system32\magnify.exe
O4 - Startup: WireKeys.lnk = C:\Program Files\WiredPlane\WireKeys\WireKeys.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0161971179684536) (0161971179684536mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Owner\LOCALS~1\Temp16197~1.EXE
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you for your help!
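A short triage pass over a HijackThis log such as the one posted above, added here as an example and not part of the original thread. The three rules are illustrative heuristics chosen for this example (they mark lines for manual review and are not verdicts), and the function names are assumptions.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log in post #9 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - Startup: WireKeys.lnk = C:\Program Files\WiredPlane\WireKeys\WireKeys.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0161971179684536) (0161971179684536mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Owner\LOCALS~1\Temp16197~1.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

ENTRY = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")  # e.g. "O23 - Service: ..."
PATH = re.compile(r"[A-Za-z]:\\.*$")  # drive-letter path running to end of line
PROFILE = re.compile(r"^[a-z]:\\(documents and settings|docume~1)\\", re.I)


class Finding(NamedTuple):
    code: str
    reason: str
    line: str


def parse(log_text):
    """Yield (code, body, path) for every entry line; path is '' if none found."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        p = PATH.search(m["body"])
        yield m["code"], m["body"], p.group(0).strip('"') if p else ""


def triage(log_text):
    """Return the entries a reviewer should inspect by hand."""
    findings = []
    for code, body, path in parse(log_text):
        line = f"{code} - {body}"
        if code == "O10" and body.startswith("Unknown file"):
            findings.append(Finding(code, "LSP provider not recognised by HijackThis", line))
        if path.endswith("\\"):
            findings.append(Finding(code, "target path has no file name", line))
        if code == "O23" and PROFILE.match(path):
            findings.append(Finding(code, "service binary under a user profile", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```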

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 May 2007 - 01:11 PM

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


 


#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 23 May 2007 - 07:14 AM

How are you doing?


 


#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 28 May 2007 - 04:39 AM

Your post has been Moved, Closed or Edited for one of the following reasons:

1.) You posted multiple topics and only one is required

2.) You are spamming links to other places without approval

3.) You have posted your hijackthis log to the wrong forum:
( http://forums.tomcoy...hp?showforum=27 ) <--- correct forum for HijackThis Logs

4.) Abusive language or other problems in your text

5.) Your log is too old (20 days or more) and no replies from you after a volunteer tried to help you

If you came here for help, and you have not posted a HijackThis log to the proper forum, then you may do so now. If you came here to spam or abuse, you will be dealt with more harshly on your next offense.

This is a family oriented forum to help those that need help.

==============================


Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php


 
