Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

512 Memory Is Showing Up As 384 Mb


  • Please log in to reply
10 replies to this topic

#1 bljcm5

bljcm5

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 06 September 2007 - 06:51 PM

I have one stick of 512 mb ram, It says so right on the sticker. But when I click properties on My computer it says 384mb installed,, What could be the problem?
I would like to add another 512 stick but don't know now what to do.
it is an Emachines W3107, it came with this 512 stick and is expandable to 2gb.

Any Ideas, Thankyou in advance



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:43 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Linda\Application Data\iSafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Common Files\AOL\1157422781\ee\aolsoftware.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Linda\Application Data\iSafe.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [SYSTEM] C:\WINDOWS\system32\cmss.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7143 bytes

    Advertisements

Register to Remove


#2 Doug

Doug

    Retired Administrator -Tech Team

  • Tech Team
  • 10,057 posts

Posted 06 September 2007 - 07:34 PM

128mb of your 512mb physical RAM installed is being used to service your nVidia Video Adapter which is integrated on your Motherboard - (as compared to being a separate PCI, PCIE, or AGP Card with its own memory) Best Regards
The help you receive here is free.
If you wish, you may Donate to help keep us online.

#3 bljcm5

bljcm5

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 06 September 2007 - 07:41 PM

Well, Of course it is,, Makes purfect sense. I never understood that it took a block of ram and not just what it needed at any given moment, Thank you Doug....

#4 paws

paws

    Tech Team

  • Administrator
  • 6,088 posts

Posted 07 September 2007 - 05:00 AM

Hi, Just to follow up on Doug's excellent advice, if you do decide to put in an extra 512Mb memory module it will probably give your machine extra horsepower! To see the make and model number of compatible memory for your machine you can go to: www.crucial.com (type that address in your browser) and let their scanner determine suitable RAM modules for you, it will also give you a price, but of course you are free to actually buy it wherever you like. You will need to accept an Avtive X control from Crucial to enable their scanner to work, but this is generally considered to be safe to do. They usually provide fitting instructions as well. Other major memory firms such as Kingston also provide detailed advice and compatibility/information and fitting instructions Regards paws
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#5 Jacee

Jacee

    SuperHelper

  • Retired Classroom Teacher
  • 7,695 posts
  • MVP

Posted 08 September 2007 - 04:56 PM

Hi bljcm5, following up on Doug's and paw's posts... you have W32/Gaobot.JSS.worm

I also see you have two firewalls. Please use one or the other because they are using, and no doubt fighting each other, for your system's resources.
Firewalls:
ZoneLabs\vsmon.exe
eTrust Internet Security Suite\caissdt.exe


Please download the free 15 day trial of Counterspy V2 http://www.sunbelt-s...ice/CounterSpy/
Don't run it yet.....

Next, open HJT, run a scan and check these items:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Linda\Application Data\iSafe.exe,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Policies\Explorer\Run: [SYSTEM] C:\WINDOWS\system32\cmss.exe


Close all windows except HJT, then click "fix checked". Exit out of HJT.

Now, Scan your computer with Counterspy V2

*****Save the report when it's finished:

1.Once Counterspy has done scanning,the 'Scan Results' box will appear.
2.Click on 'View Results'.
3.Under (Recommended Action),using the drop down menus at the side of each entry found,set EVERYTHING to 'Remove'.
4.Then click on 'Take Action'.
5.Once everything has been removed,click on 'View Details'.
6.Save the report to notepad (or copy/paste)
7.Reboot/restart your computer
8.Copy and Paste those details into your next reply along with a fresh HJT log.

MS MVP-Security 2006~2016


#6 bljcm5

bljcm5

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 08 September 2007 - 08:21 PM

Ok, I'm in the process of doing everything you recommended, EXCEPT.... I don't see a way to uninstall ZoneAlarm. Its not in the Add Remove Programs, nor is there a Zonelabs folder in the Programs folder,, I did a search on the ZoneLabs\vsmon.exe file and found it, but that folder doesn't contain an uninstall file either.. I can disable the vsmon.exe file from starting, but can you give me an Idea on how to uninstall it. I'll get back soon with the results of the new scans. Thankyou very much.

#7 Jacee

Jacee

    SuperHelper

  • Retired Classroom Teacher
  • 7,695 posts
  • MVP

Posted 08 September 2007 - 10:22 PM

Disable it for now, if you're sure that eTrust Internet Security Suite's Firewall is working.

MS MVP-Security 2006~2016


#8 bljcm5

bljcm5

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 09 September 2007 - 07:20 AM

I'm rushing around here,, I still don't have the firewalls done, because when i try to end process on the vsmon.exe it gives me a popup that says Access Denied.... I'll get that figured out and done soon.....
BUT attached is the Counterspy scan results as well as a fresh HJT log.
Thank you so much for your help with all this.



Scan History Details
Start Date: 9/8/2007 11:53:23 PM
End Date: 9/9/2007 1:10:26 AM
Total Time: 77 Min 3 Sec
Detected security risks

Cookie: CGI-Bin Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\owner\cookies\owner@cgi-bin[2].txt


ClickSpring.PuritySCAN Adware (General) more information...
Details: PurityScan is an ad supported program that scans the user's Internet Explorer files, including browser cache, cookies and history for pornographic/adult related words and allows the user to delete them.
Status: Deleted

Files detected
F:\Documents and Settings\Linda.STARLIGH-AE719P\Desktop\Programs downloaded\OiUninstaller.exe


WinSoftware Corporation, Inc. (v) Rogue Security Program more information...
Status: Deleted

Files detected
F:\Documents and Settings\Linda.STARLIGH-AE719P\Local Settings\Temp\NI.UWFX5_0001_N57M2811\setup.exe


Trojan.Killapp.30208.A Trojan more information...
Status: Deleted

Files detected
F:\HP\bin\Terminator.exe


Trojan-Downloader.Win32.Small.nhl Trojan Downloader more information...
Status: Deleted

Files detected
C:\174.tmp









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:02 AM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7131 bytes

#9 Jacee

Jacee

    SuperHelper

  • Retired Classroom Teacher
  • 7,695 posts
  • MVP

Posted 09 September 2007 - 09:12 AM

Please print these instructions out:

Look in your control panels add/remove programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
and any other programs you didn't install or don't recognize - if your not sure please ask first


Don't reboot!

Next..........

If any of your anti-malware programs alert you about running this uninstaller, please allow it to run...it's safe.

Download and run this uninstaller:
http://www.outerinfo...Uninstaller.exe

Tutorial for the uninstaller if needed


Reboot when done and.......

------------------

Next....

1. Download ComboFix from one of the links below:

http://www.techsuppo...Bs/ComboFix.exe
http://download.blee...Bs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done you can delete this folder - QooBox.

----------------

Next.........

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:
  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin
------------------

Next.......

Please download SUPERAntiSpyware Home Edition (free) (SAS)

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes, Let it through your firewall!
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
  • Ignore System Restore/Volume Information on ME and XP
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click
Yes.

To retrieve the removal information - please do the following:
  • After reboot, double-click the SUPERAntispyware icon on your desktop.
  • Click Preferences . Click the Statistics/Logs tab .
  • Under Scanner Logs , double-click SUPERAntiSpyware Scan Log .
  • It will open in your default text editor (such as Notepad/Wordpad).
  • Please highlight everything , then right-click and choose copy.
  • Click close and close again to exit the program.
Reboot and post a fresh HJT log, the log from ComboFix and the log from SAS Free.

MS MVP-Security 2006~2016


#10 Jacee

Jacee

    SuperHelper

  • Retired Classroom Teacher
  • 7,695 posts
  • MVP

Posted 09 September 2007 - 02:13 PM

bljcm5, after reviewing CA eTrust Internet Security Suite, it becomes apparent that ZoneAlarm is part of that program.
DON'T disable your firewall!! :ph34r:

MS MVP-Security 2006~2016


#11 bljcm5

bljcm5

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 15 September 2007 - 09:42 PM

I thought that may be the case with the Firewall. Been out of town in the nice town of Houston, Texas all week, Just getting back to this Ohio problem.
Thanks for your help.

Here are the logs requested.


-----------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:46 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1157422781\ee\aolsoftware.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6767 bytes



================================================
Start Time= Sun 09/09/2007 14:16:06.23

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-09-09 14:09:26 2 ( A.... ) "C:\WINDOWS\system32\wnsintisv.exe"
2007-09-08 21:49:18 ( .D... ) "C:\Documents and Settings\Linda\Application Data\Sunbelt Software"
2007-09-08 21:47:50 ( .D... ) "C:\Program Files\Sunbelt Software"
2007-09-06 19:41:40 ( .D... ) "C:\Program Files\Trend Micro"
2007-09-03 21:29:44 ( .D... ) "C:\Program Files\WinZip"
2007-08-31 21:41:54 ( .D... ) "C:\Documents and Settings\Linda\Application Data\Grisoft"
2007-08-31 21:41:30 ( .D... ) "C:\Program Files\Grisoft"
2007-08-30 22:13:30 ( .D... ) "C:\Program Files\HijackThis"
2007-08-27 20:47:32 ( .D... ) "C:\Documents and Settings\Linda\Application Data\Mozilla"
2007-08-27 20:47:10 ( .D... ) "C:\Program Files\Mozilla Firefox"
2007-08-27 15:05:52 14336 ( A.... ) "C:\WINDOWS\system32\svchost.exe"
2007-08-27 15:03:04 65536 ( A.... ) "C:\Documents and Settings\Linda\Application Data\iSafe.exe"
2007-08-27 11:26:10 27120 ( A.... ) "C:\WINDOWS\system32\SBBD.exe"
2007-08-26 13:05:00 ( .D... ) "C:\Program Files\CompuCram"
2007-08-03 00:34:10 16789464 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2007-07-31 18:06:12 ( .D... ) "C:\Program Files\MSN Messenger"
2007-07-30 19:19:42 1712984 ( A.... ) "C:\WINDOWS\system32\wuaueng.dll"
2007-07-30 19:19:36 549720 ( A.... ) "C:\WINDOWS\system32\wuapi.dll"
2007-07-30 19:19:32 325976 ( A.... ) "C:\WINDOWS\system32\wucltui.dll"
2007-07-30 19:19:28 203096 ( A.... ) "C:\WINDOWS\system32\wuweb.dll"
2007-07-30 19:19:20 92504 ( A.... ) "C:\WINDOWS\system32\cdm.dll"
2007-07-30 19:19:16 53080 ( A.... ) "C:\WINDOWS\system32\wuauclt.exe"
2007-07-30 19:19:12 43352 ( A.... ) "C:\WINDOWS\system32\wups2.dll"
2007-07-30 19:18:40 33624 ( A.... ) "C:\WINDOWS\system32\wups.dll"
2007-07-18 08:42:22 60416 ( ..... ) "C:\WINDOWS\system32\tzchange.exe"
2007-07-12 02:22:38 139264 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2007-07-12 01:22:04 135168 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2007-07-12 01:22:00 135168 ( A.... ) "C:\WINDOWS\system32\java.exe"
2007-06-26 10:35:54 665600 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2007-06-26 02:08:16 1104896 ( A.... ) "C:\WINDOWS\system32\msxml3.dll"
2007-06-19 09:31:20 282112 ( A.... ) "C:\WINDOWS\system32\gdi32.dll"
2007-06-15 04:12:30 3064320 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2007-06-15 04:12:30 1498112 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2007-06-15 04:12:30 616960 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2007-06-15 04:12:30 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2007-06-15 04:12:30 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"
2007-06-15 04:12:30 449024 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2007-06-15 04:12:30 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2007-06-15 04:12:30 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2007-06-15 04:12:28 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
2007-06-15 04:12:28 1022976 ( A.... ) "C:\WINDOWS\system32\browseui.dll"
2007-06-15 04:12:28 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2007-06-15 04:12:28 251904 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2007-06-15 04:12:28 205824 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2007-06-15 04:12:28 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
2007-06-15 04:12:28 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
2007-06-15 04:12:28 55808 ( A.... ) "C:\WINDOWS\system32\extmgr.dll"
2007-06-15 04:12:28 16384 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2007-06-14 06:08:46 350720 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2007-06-13 06:23:08 1033216 ( A.... ) "C:\WINDOWS\explorer.exe"
2007-06-11 23:51:12 10834944 ( A.... ) "C:\WINDOWS\system32\wmp.dll"
2006-10-25 19:40:44 1600 ( A.... ) "C:\Program Files\uninstal.log"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
55,41,52,44,2e,45,58,45,00
"bcmwltry"="bcmwltry.exe"
"removecpl"="RemoveCpl.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"CaISSDT"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
"eTrustPPAP"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""
"QOELOADER"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust Anti-Spam\\QSP-4.0.380.0\\QOELoader.exe\""
"CaAvTray"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVRID.exe\""
"Zone Labs Client"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust Personal Firewall\\ca.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"SBCSTray"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\crtfmon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="176"
"hkey"="HKLM"
"command"="c:\\176.tmp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1157422781\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="shwiconem"
"hkey"="HKLM"
"command"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xpupdate"
"hkey"="HKCU"
"command"="C:\\Windows\\xpupdate.exe"
"inimapping"="0"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Sun 09/09/2007 14:17:46.98
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt

========================================================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/09/2007 at 03:17 PM

Application Version : 3.9.1008

Core Rules Database Version : 3302
Trace Rules Database Version: 1308

Scan type : Complete Scan
Total Scan Time : 00:51:00

Memory items scanned : 365
Memory threats detected : 0
Registry items scanned : 5991
Registry threats detected : 2
File items scanned : 43916
File threats detected : 16

Adware.Tracking Cookie
C:\Documents and Settings\Linda\Cookies\linda@ads.pointroll[1].txt
C:\Documents and Settings\Linda\Cookies\linda@ads.adbrite[2].txt
C:\Documents and Settings\Linda\Cookies\linda@ehg-gatehousemedia.hitbox[2].txt
C:\Documents and Settings\Linda\Cookies\linda@ehg-kingstontechnology.hitbox[2].txt
C:\Documents and Settings\Linda\Cookies\linda@questionmarket[2].txt
C:\Documents and Settings\Linda\Cookies\linda@server.iad.liveperson[2].txt
C:\Documents and Settings\Linda\Cookies\linda@www.burstnet[1].txt
C:\Documents and Settings\Linda\Cookies\linda@adopt.specificclick[1].txt
C:\Documents and Settings\Linda\Cookies\linda@tribalfusion[1].txt
C:\Documents and Settings\Linda\Cookies\linda@hitbox[2].txt
C:\Documents and Settings\Linda\Cookies\linda@adbrite[1].txt
C:\Documents and Settings\Linda\Cookies\linda@2o7[1].txt
C:\Documents and Settings\Linda\Cookies\linda@atdmt[1].txt
C:\Documents and Settings\Linda\Cookies\linda@specificclick[2].txt

Adware.ClickSpring
HKLM\Software\ClickSpring
HKLM\Software\ClickSpring#UBWKR

Adware.ClickSpring/Outer Info Network
C:\DOCUMENTS AND SETTINGS\LINDA\DESKTOP\DOWNLOADED PROGRAMS\OIUNINSTALLER.EXE

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\WNSINTISV.EXE

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users