peb143

popups, slow computer, etc.... please help


I have tried so many virus scans and can't seem to get rid of the pop-ups and the PurityScan warnings... I also noticed that I have the Dot1XCfg thing in my Add/Remove Programs. I am not good at this stuff so any help you could give me would be greatly appreciated. Here is my HijackThis log....

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:13:29 PM, on 1/31/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

C:\Program Files\TiVo\Desktop\TiVoNotify.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\Documents and Settings\Alissa Anne\My Documents\?ssembly\c?rss.exe

C:\WINDOWS\system32\ssisvr32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUME~1\ALISSA~1\LOCALS~1\Temp\{FF9FF5FE-3543-4610-9E25-24573BFA2523}\setup.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3A6EF58E-044E-4F05-BC73-3BA890932F50} - C:\WINDOWS\system32\nnnon.dll (file missing)

O2 - BHO: (no name) - {4C6794B0-5B7C-02AE-5610-5B00B6BA8B9F} - C:\WINDOWS\system32\qixze.dll

O2 - BHO: {0de27ff5-8cbb-860a-6d34-81f07d2703b9} - {9b3072d7-0f18-43d6-a068-bbc85ff72ed0} - C:\WINDOWS\system32\bpafgbxx.dll (file missing)

O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\vtuuvwu.dll (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify

O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [sen] "C:\DOCUME~1\ALISSA~1\MYDOCU~1\SCURIT~1\services.exe" -vt yazb

O4 - HKCU\..\Run: [sli] "C:\Documents and Settings\Alissa Anne\My Documents\?ssembly\c?rss.exe"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180885087126

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: cxxrssfs - cxxrssfs.dll (file missing)

O20 - Winlogon Notify: vtuuvwu - vtuuvwu.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Software Secure Service (SSISvr32) - SoftwareSecure Inc - C:\WINDOWS\system32\ssisvr32.exe

O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 7066 bytes

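An added example, not part of the original thread and not code from HijackThis, ComboFix or Trend Micro: a small triage script that encodes the rules a helper applies by eye when reading a log like the one above. It flags BHOs registered with no name (or a GUID as a name) and whether their DLL is still on disk, Run entries that launch a file named like a core Windows process (services.exe, csrss.exe; HJT prints "?" for characters it cannot render, so "c?rss.exe" is treated as a one-character look-alike) from a user profile folder, Winlogon Notify keys pointing at missing DLLs, AppInit_DLLs, and a blanked start page. The sample lines are a constructed subset modelled on the log above, and the severity labels are this example's own convention.

```python
"""Rule-based triage of HijackThis (HJT) log lines. Added example for this
thread; the rules and severity labels are the example's own, not HJT's."""
import re
from dataclasses import dataclass

# Core Windows process names that malware imitates ('c?rss.exe' and
# 'services.exe' under My Documents in the log above). HJT prints '?' for
# characters it cannot render, so '?' is treated as a one-character wildcard.
SYSTEM_NAMES = ("smss", "csrss", "winlogon", "services", "lsass",
                "svchost", "explorer", "spoolsv")

PROFILE_DIR = re.compile(r"\\(documents and settings|docume~1|users)\\", re.I)
GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
RE_START = re.compile(r"^R[01] - .+?,Start Page = (?P<data>.*)$")
RE_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
RE_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
RE_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.*)$")
RE_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")

@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str

def command_path(cmd: str) -> str:
    """Executable path from a Run value, quoted or not, with arguments dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def looks_like_system_binary(filename: str) -> bool:
    """True for a core Windows process name or a one-character look-alike of one."""
    stem = filename.lower()
    if stem.endswith(".exe"):
        stem = stem[:-4]
    pattern = re.compile("^" + re.escape(stem).replace(r"\?", ".") + "$")
    return any(pattern.match(name) for name in SYSTEM_NAMES)

def triage_line(line: str):
    """Apply the rules to one HJT line; return a Finding or None."""
    line = line.strip()
    if m := RE_BHO.match(line):
        if m["name"] == "(no name)" or GUID_NAME.match(m["name"]):
            if m["path"].endswith("(file missing)"):
                return Finding("medium", "unnamed BHO whose DLL is gone (orphaned registration)", line)
            return Finding("high", "unnamed BHO whose DLL is still on disk", line)
        return None
    if m := RE_RUN.match(line):
        path = command_path(m["cmd"])
        name = path.replace("/", "\\").rsplit("\\", 1)[-1]
        if PROFILE_DIR.search(path) and looks_like_system_binary(name):
            return Finding("high", f"Run entry starts '{name}' from a user profile folder, "
                                   "impersonating a Windows process", line)
        return None
    if m := RE_NOTIFY.match(line):
        what = "points at a DLL that no longer exists" if m["dll"].endswith("(file missing)") \
            else "loads a DLL into winlogon.exe at logon; verify its publisher"
        return Finding("medium", "Winlogon Notify key " + what, line)
    if RE_APPINIT.match(line):
        return Finding("info", "AppInit_DLLs is loaded into every process that uses user32.dll; "
                               "confirm it belongs to a known product", line)
    if m := RE_START.match(line):
        if m["data"].strip().lower() == "about:blank":
            return Finding("info", "start page is about:blank, a common leftover after a hijack", line)
    return None

def triage(log_text: str) -> list:
    """Findings for every line of an HJT log, highest severity first."""
    order = {"high": 0, "medium": 1, "info": 2}
    found = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(found, key=lambda f: order[f.severity])

# Constructed sample: a subset of the first HJT log in this thread, so the
# block runs offline. The ctfmon and Adobe lines are the clean controls.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A6EF58E-044E-4F05-BC73-3BA890932F50} - C:\WINDOWS\system32\nnnon.dll (file missing)
O2 - BHO: (no name) - {4C6794B0-5B7C-02AE-5610-5B00B6BA8B9F} - C:\WINDOWS\system32\qixze.dll
O2 - BHO: {0de27ff5-8cbb-860a-6d34-81f07d2703b9} - {9b3072d7-0f18-43d6-a068-bbc85ff72ed0} - C:\WINDOWS\system32\bpafgbxx.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sen] "C:\DOCUME~1\ALISSA~1\MYDOCU~1\SCURIT~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [sli] "C:\Documents and Settings\Alissa Anne\My Documents\?ssembly\c?rss.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: cxxrssfs - cxxrssfs.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

The "(file missing)" distinction matters in practice: a BHO or Winlogon Notify key whose DLL is gone is residue that only needs its registry entry removed, while an unnamed BHO whose DLL is still present (qixze.dll above) is live code loading into the browser and is the first thing to pull for analysis.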

Hi and welcome

 

I see Grisoft\AVG7 antivirus and Trend Micro PC-cillin Internet Security both installed?

 

Never install more than one antivirus scanner or firewall on your system.

This causes system clashes and instability, and the possibility of false reports with a huge waste of system resources. While this may seem like greater protection, it can cause problems including slowdowns and system hangs.

You can keep both programs, but you must disable the real-time component of one antivirus, keeping it as an on-demand scanner, while the other AV provides real-time protection.

The alternative is to uninstall one AV and keep the other.

 

You make the call and if you need help uninstalling one please let me know.

 

 

Please visit this webpage for instructions for downloading and running ComboFix. Take your time and read the page completely. If there's anything you don't understand, post back and ask questions first, before proceeding.

How to use ComboFix

 

 

In your next reply post:

ComboFix.txt

New HJT log


Hi again. Thanks for your help, I did everything you said and disabled Trend Micro's real-time scan (but it is still showing up in HijackThis so I don't know what happened). Out of the two virus systems do you know which one I should install? I always find that Trend Micro catches some viruses while AVG catches others.

 

I also followed the instructions for ComboFix. Any help with the viruses would be greatly appreciated and any advice on how I can make my computer run faster would be greatly appreciated also. THANKS SO MUCH!

 

Here are the logs.

 

ComboFix 08-02.01.6 - Alissa Anne 2008-02-01 20:22:41.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.467 [GMT -5:00]

Running from: C:\Documents and Settings\Alissa Anne\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Alissa Anne\Application Data\ICROSO~1.NET

C:\Documents and Settings\Alissa Anne\My Documents\SCURIT~1

C:\Documents and Settings\Alissa Anne\My Documents\SCURIT~1\s?curity\

C:\Documents and Settings\Alissa Anne\My Documents\SCURIT~1\services.exe

C:\Documents and Settings\Alissa Anne\My Documents\SSEMBL~1

C:\Documents and Settings\Alissa Anne\My Documents\SSEMBL~1\c?rss.exe

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\Program Files\outerinfo

C:\Program Files\Temporary

C:\Program Files\ystem~1

C:\Temp\1cb

C:\Temp\1cb\syscheck.log

C:\WINDOWS\system32\cxxrssfs.dllbox

C:\WINDOWS\system32\nonnn.ini

C:\WINDOWS\system32\nonnn.ini2

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\qixze.dll

 

----- BITS: Possible infected sites -----

 

hxxp://au.download.windowsupdate.com

hxxp://dl.google.com

.

((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))

.

 

2008-02-01 20:21 . 2004-08-03 23:00 260,272 --a------ C:\cmldr

2008-02-01 20:21 . 2006-01-31 15:21 211 --a------ C:\Boot.bak

2008-01-31 19:35 . 2008-01-31 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-30 19:24 . 2008-01-30 19:24 <DIR> d-------- C:\TimezAttack

2008-01-25 19:54 . 2006-01-27 18:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel

2008-01-25 19:54 . 2006-01-27 18:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel

2008-01-25 19:10 . 2008-01-31 21:02 <DIR> d-------- C:\Program Files\RogueRemover FREE

2008-01-25 18:12 . 2008-01-25 18:09 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-01-25 18:08 . 2008-01-25 18:13 <DIR> d-------- C:\Documents and Settings\Alissa Anne\.housecall6.6

2008-01-25 17:14 . 2008-01-26 08:56 <DIR> d-------- C:\Program Files\Dot1XCfg

2008-01-25 17:10 . 2008-01-25 17:10 <DIR> d-------- C:\WINDOWS\system32\wnis6

2008-01-25 17:10 . 2008-01-25 17:10 <DIR> d-------- C:\WINDOWS\system32\nip4

2008-01-25 17:10 . 2008-01-26 08:56 <DIR> d-------- C:\WINDOWS\system32\nGpxx01

2008-01-25 17:10 . 2008-01-25 17:10 <DIR> d-------- C:\WINDOWS\system32\ets1

2008-01-25 17:10 . 2008-01-26 08:56 <DIR> d-------- C:\WINDOWS\system32\deb3

2008-01-25 17:10 . 2008-01-25 18:55 <DIR> d-------- C:\WINDOWS\system32\comg9

2008-01-25 17:10 . 2008-01-25 17:10 <DIR> d-------- C:\temp\gTiis19

2008-01-25 17:10 . 2008-01-25 17:10 <DIR> d-------- C:\temp\cXzz9

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-01 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2008-02-01 02:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-01 02:12 --------- d-----w C:\Program Files\Trend Micro

2008-02-01 00:36 --------- d-----w C:\Program Files\Lavasoft

2008-02-01 00:36 --------- d-----w C:\Documents and Settings\Alissa Anne\Application Data\Lavasoft

2008-02-01 00:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-01-26 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-01-07 17:47 --------- d-----w C:\Documents and Settings\Alissa Anne\Application Data\Move Networks

2008-01-05 05:16 --------- d-----w C:\Program Files\DivX

2007-12-29 03:01 --------- d-----w C:\Program Files\AIM6

2007-12-29 02:45 --------- d-----w C:\Program Files\Viewpoint

2007-12-29 02:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint

2007-12-29 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads

2007-12-27 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-12-14 08:06 --------- d-----w C:\Documents and Settings\Alissa Anne\Application Data\RipIt4Me

2007-12-11 02:36 --------- d-----w C:\Program Files\MSECache

2007-12-11 02:28 --------- d-----w C:\Documents and Settings\Alissa Anne\Application Data\Hewlett-Packard

2007-12-11 02:24 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2007-12-11 02:23 --------- d-----w C:\Program Files\Hewlett-Packard

2007-12-11 01:42 --------- d-----w C:\Program Files\iTunes

2007-12-11 01:42 --------- d-----w C:\Program Files\iPod

2007-12-11 01:40 --------- d-----w C:\Program Files\QuickTime

2007-12-11 01:37 --------- d-----w C:\Program Files\Apple Software Update

2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll

2007-07-13 16:38 14,434,304 ----a-w C:\Program Files\TiVoDesktop2.4a.exe

2007-05-29 17:01 6,928,341 ----a-w C:\Program Files\ssapiptn507.zip

2007-05-29 16:59 5,388,454 ----a-w C:\Program Files\spyw507.zip

2007-04-05 14:00 2,214,148 ----a-w C:\Program Files\securexam.exe

2007-03-20 04:37 81,920 ----a-w C:\Documents and Settings\Alissa Anne\Application Data\ezpinst.exe

2007-03-20 04:37 47,360 ----a-w C:\Documents and Settings\Alissa Anne\Application Data\pcouffin.sys

2006-12-28 04:51 36,659,994 ----a-w C:\Program Files\iPhoto604Update.dmg

2006-11-16 19:26 43,736 ----a-w C:\Documents and Settings\Alissa Anne\Application Data\GDIPFONTCACHEV1.DAT

2006-11-02 03:07 36,808,256 ----a-w C:\Program Files\iTunesSetup.exe

2006-10-29 18:26 5,900,416 ----a-w C:\Program Files\Firefox Setup 2.0.exe

2006-09-21 18:35 299,288 ----a-w C:\Program Files\GmailInstaller.exe

2006-09-14 05:09 1,239,620 ----a-w C:\Program Files\VobBlanker_2110_exe.zip

2006-09-13 05:18 1,308,351 ----a-w C:\Program Files\DVDFabDecrypter29.exe

2006-09-12 13:41 8,421,648 ----a-w C:\Program Files\objectdock_freeware.exe

2006-06-24 04:33 184,808 ----a-w C:\Documents and Settings\Alissa Anne\Application Data\shb.dat

2006-05-19 19:08 789,480 ----a-w C:\Program Files\NetzeroSetup.exe

2006-03-12 08:36 47,659,176 ----a-w C:\Program Files\iPodSetup.exe

2006-02-22 15:18 5,528,952 ----a-w C:\Program Files\winamp513_full_emusic-7plus.exe

2006-02-16 19:24 212,849 ----a-w C:\Program Files\hijackthis.zip

2006-02-15 01:02 8,162,111 ----a-w C:\Program Files\htEasyVideoEditor20shareeng.exe

2006-02-10 02:34 1,014,477 ----a-w C:\Program Files\wrar351.exe

2006-02-08 23:23 11,486,720 ----a-w C:\Program Files\TiVo Desktop 2.2.exe

2005-01-21 03:23 45,056 ------r C:\Program Files\SetAttrib.exe

2004-11-30 09:53 40,960 ------r C:\Program Files\delete.exe

2007-08-06 01:05 104 --sh--r C:\WINDOWS\system32\C576F6ABA3.sys

2007-08-06 01:05 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A6EF58E-044E-4F05-BC73-3BA890932F50}]

C:\WINDOWS\system32\nnnon.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b3072d7-0f18-43d6-a068-bbc85ff72ed0}]

C:\WINDOWS\system32\bpafgbxx.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-05-02 13:12 1193472]

"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2007-05-02 13:13 373760]

"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2007-05-02 13:14 1463296]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

"Sen"="C:\DOCUME~1\ALISSA~1\MYDOCU~1\SCURIT~1\services.exe" [ ]

"Sli"="C:\Documents and Settings\Alissa Anne\My Documents\?ssembly\c?rss.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-10 00:27 185896]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-12 11:39 1838592]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 04:46 219136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cxxrssfs]

cxxrssfs.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuvwu]

vtuuvwu.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" [2007-05-02 13:12]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys [2004-05-21 20:18]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-30 20:20:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-01-12 02:27:04 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1197339958.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-01 20:33:52

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\ssisvr32.exe

C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

C:\Program Files\TiVo\Desktop\TiVoNotify.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

**************************************************************************

.

Completion time: 2008-02-01 20:38:14 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-02 01:38:01

.

2008-01-10 08:03:57 --- E O F ---

 

 

 

 

 

HIJACK THIS ---

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:42:11 PM, on 2/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\ssisvr32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

C:\Program Files\TiVo\Desktop\TiVoNotify.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3A6EF58E-044E-4F05-BC73-3BA890932F50} - C:\WINDOWS\system32\nnnon.dll (file missing)

O2 - BHO: {0de27ff5-8cbb-860a-6d34-81f07d2703b9} - {9b3072d7-0f18-43d6-a068-bbc85ff72ed0} - C:\WINDOWS\system32\bpafgbxx.dll (file missing)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify

O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [sen] "C:\DOCUME~1\ALISSA~1\MYDOCU~1\SCURIT~1\services.exe" -vt yazb

O4 - HKCU\..\Run: [sli] "C:\Documents and Settings\Alissa Anne\My Documents\?ssembly\c?rss.exe"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180885087126

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: cxxrssfs - cxxrssfs.dll (file missing)

O20 - Winlogon Notify: vtuuvwu - vtuuvwu.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Software Secure Service (SSISvr32) - SoftwareSecure Inc - C:\WINDOWS\system32\ssisvr32.exe

O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

--

End of file - 6388 bytes


Welcome back

 

Hi again. Thanks for your help, I did everything you said and disabled Trend Micro's real-time scan (but it is still showing up in HijackThis so I don't know what happened). Out of the two virus systems do you know which one I should install? I always find that Trend Micro catches some viruses while AVG catches others.

I know it's sad to say there isn't one that will catch it all.

What I can say is that Trend Micro is a paid for security application and AVG is one of the better known free programs available.

It will boil down to the user's choice; after your machine is clean I can offer spyware scanners that complement antivirus software and should aid you better in keeping a clean machine.

 

 

For right now you need to make a decision as to which one to keep or totally disable while we work on cleaning your machine.

 

 

Please print or copy these instructions to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

 

 

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

A side note about AIM Messenger, AOL users and Viewpoint Manager. Viewpoint is one of the graphics engines that AOL uses and it is bundled with the application. If you continue to use AIM Messenger, it would likely be reinstalled. Or if you receive some of the AOL E-cards it may ask you to download and run this program to view and run the graphics in E-cards.

Your call.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

 

Viewpoint

Viewpoint Manager

Viewpoint Media Player

 

 

 

 

====================================

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {3A6EF58E-044E-4F05-BC73-3BA890932F50} - C:\WINDOWS\system32\nnnon.dll (file missing)

O2 - BHO: {0de27ff5-8cbb-860a-6d34-81f07d2703b9} - {9b3072d7-0f18-43d6-a068-bbc85ff72ed0} - C:\WINDOWS\system32\bpafgbxx.dll (file missing)

O4 - HKCU\..\Run: [sen] "C:\DOCUME~1\ALISSA~1\MYDOCU~1\SCURIT~1\services.exe" -vt yazb

O4 - HKCU\..\Run: [sli] "C:\Documents and Settings\Alissa Anne\My Documents\?ssembly\c?rss.exe"

O20 - Winlogon Notify: cxxrssfs - cxxrssfs.dll (file missing)

O20 - Winlogon Notify: vtuuvwu - vtuuvwu.dll (file missing)

 

 

 

 

 

===================================

Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

 

 

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

File:: 
C:\WINDOWS\system32\nnnon.dll
C:\WINDOWS\system32\bpafgbxx.dll

Folder::
C:\Program Files\Dot1XCfg
C:\WINDOWS\system32\wnis6
C:\WINDOWS\system32\nip4
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\ets1
C:\WINDOWS\system32\deb3
C:\WINDOWS\system32\comg9
C:\temp\gTiis19
C:\temp\cXzz9
C:\temp
C:\Program Files\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A6EF58E-044E-4F05-BC73-3BA890932F50}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b3072d7-0f18-43d6-a068-bbc85ff72ed0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sen"=-
"Sli"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cxxrssfs]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuvwu]

 

 

Drag CFScript.txt onto ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


NEXT


*Note

It is recommended to disable onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.


Click Yes, when prompted to install its ActiveX component.

(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

Or use Firefox with IE-Tab plugin

https://addons.mozilla.org/en-US/firefox/addon/1419

The program launches and downloads the latest definition files.

  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.

There is no option to clean/disinfect, however, we need to analyze the information on the report.

Posted Image


Posted Image


Click on: Save Report As (above - red blinking arrow)

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar

In Save as type, click the drop arrow and select: Text file [*.txt]

Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

======================================================


In your next reply post:

ComboFix.txt

Kaspersky log

New HJT log taken after the above scans have run


Please let me know how the computer is running now
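
As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage pass over O4/O20 lines like the ones quoted above. It flags the three patterns this infection shows: a system-binary name (services.exe) living under a user profile, a one-character lookalike such as c?rss.exe, and Winlogon Notify hooks whose DLL is already gone. The sample lines are taken from this thread's log; the ctfmon.exe line and the lists of core binary names and directories are my assumptions.

```python
"""Triage HijackThis O4 (Run) and O20 (Winlogon Notify) entries.

Added example for this thread, not part of the original post or of any tool.
"""
import re

# Core Windows binaries that droppers commonly imitate by name (assumed shortlist).
SYSTEM_NAMES = {
    "csrss.exe", "services.exe", "svchost.exe", "lsass.exe",
    "winlogon.exe", "smss.exe", "explorer.exe", "spoolsv.exe",
}
# Where those binaries legitimately live on XP (case-insensitive prefix match).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
# The user-profile tree, long and 8.3 short form.
PROFILE_DIRS = ("c:\\documents and settings\\", "c:\\docume~1\\")

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
O20_RE = re.compile(
    r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>\S+)(?P<missing>\s+\(file missing\))?\s*$')

# Constructed sample: the first two O4 lines and both O20 lines are from this
# thread (the forum rendered a non-ASCII lookalike character as '?'); the
# ctfmon.exe line is a benign control entry added for contrast.
SAMPLE_HJT = [
    r'O4 - HKCU\..\Run: [sen] "C:\DOCUME~1\ALISSA~1\MYDOCU~1\SCURIT~1\services.exe" -vt yazb',
    r'O4 - HKCU\..\Run: [sli] "C:\Documents and Settings\Alissa Anne\My Documents\?ssembly\c?rss.exe"',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O20 - Winlogon Notify: cxxrssfs - cxxrssfs.dll (file missing)',
    r'O20 - Winlogon Notify: vtuuvwu - vtuuvwu.dll (file missing)',
]


def split_command(rest):
    """Split an O4 command into (executable path, arguments), honouring quotes."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        if end == -1:
            return rest[1:], ""
        return rest[1:end], rest[end + 1:].strip()
    parts = rest.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def mimics_system_name(base):
    """True when `base` is exactly one character off a core binary name,
    e.g. c?rss.exe vs csrss.exe."""
    return any(len(base) == len(s) and sum(a != b for a, b in zip(base, s)) == 1
               for s in SYSTEM_NAMES)


def triage_o4(match):
    """Return (path, reasons) for one parsed O4 line; empty reasons means benign."""
    path, _args = split_command(match.group("rest"))
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    reasons = []
    if base in SYSTEM_NAMES and not low.startswith(SYSTEM_DIRS):
        reasons.append(f"{base} outside the Windows directory")
    if mimics_system_name(base):
        reasons.append(f"{base} is one character off a core binary name")
    if "?" in path or any(ord(c) > 127 for c in path):
        reasons.append("non-ASCII or unrepresentable characters in path")
    if low.startswith(PROFILE_DIRS):
        reasons.append("autostart executable under a user profile")
    return path, reasons


def triage(lines):
    """Return a finding dict for every O4/O20 line that trips a heuristic."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            path, reasons = triage_o4(m)
            if reasons:
                findings.append({"line": line, "path": path, "reasons": reasons})
            continue
        m = O20_RE.match(line)
        if m and m.group("missing"):
            # An orphaned Notify hook: the loader will keep trying to load it at logon.
            findings.append({"line": line, "path": m.group("dll"),
                             "reasons": ["Winlogon Notify hook whose DLL is missing"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f["path"])
        for r in f["reasons"]:
            print("   -", r)
```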


OK I'm back. The annoying popups are gone and my computer is running a little faster now. I understand what you are saying about the antivirus and I disabled the Trend Micro program, however, I can't figure out if it is fully disabled or still running in the background and can't figure out how to disable it so it doesn't start again on startup. Worst case scenario I will uninstall it completely and keep AVG, but I am not convinced AVG is running up to par because its icon is not always in my toolbar and I can't figure out if it is running in the background. (Excuse my ignorance, I told you I was new at this stuff haha.) Anyways, do you recommend that I just delete Trend Micro altogether and wait for your advice on the added programs to install once my computer is cleaned out?


Here are the logs from this session.....


ComboFix 08-02.01.6 - Alissa Anne 2008-02-01 22:44:31.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.564 [GMT -5:00]

Running from: C:\Documents and Settings\Alissa Anne\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Alissa Anne\Desktop\CFScript.txt

* Created a new restore point

 

FILE

C:\WINDOWS\system32\bpafgbxx.dll

C:\WINDOWS\system32\nnnon.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\Program Files\Dot1XCfg

C:\temp

C:\temp\gTiis19\lTig.log

C:\temp\HP All-in-One Series Web Release\aiodrv.msi

C:\temp\HP All-in-One Series Web Release\aiosw.msi

C:\temp\HP All-in-One Series Web Release\autorun.inf

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzcfg07.ex_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzcon07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzeng07.ex_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzflt07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzimb07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzimc07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzime07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzimp07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzjui07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzpcl07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzpre07.ex_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzres07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzslk07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzstc07.ex_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzstw07.ex_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpztbi07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpztbu07.ex_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpztbx07.ex_

C:\temp\HP All-in-One Series Web Release\common\drivers\com_os\hpzvip07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\win2k_xp\hpz2ku07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\win2k_xp\hpzcoi07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\win2k_xp\hpzlnt07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\win2k_xp\hpzntp07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\win2k_xp\hpzsnt07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\HPZ9XD07.dr_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\hpz9xp07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\hpzfac07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\hpziol9x.vx_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\hpzion9x.vx_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\hpziop98.vx_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\hpziop9x.vx_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\hpziou01.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\hpzl9x07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\hpzs9x07.dl_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\hpzsta9x.ex_

C:\temp\HP All-in-One Series Web Release\common\drivers\win9x_me\hpzstsin.dl_

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\Win2000\HPZid412.sys

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\Win2000\HPZidr12.dll

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\Win2000\HPZinw12.exe

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\Win2000\HPZipm12.exe

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\Win2000\HPZipr12.dll

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\Win2000\HPZipr12.sys

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\Win2000\HPZipt12.dll

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\Win2000\HPZisn12.dll

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\Win2000\HPZius12.sys

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\Win2000\HPZs2k12.sys

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZBRX12.PDR

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZid412.sys

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZidr12.dll

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZimn12.dll

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZinw12.exe

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZipm12.exe

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZipr12.dll

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZipr12.sys

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZipt12.dll

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZisn12.dll

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZius12.sys

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\HPZs9X12.sys

C:\temp\HP All-in-One Series Web Release\Drivers\dot4\win98\usbmon.dl_

C:\temp\HP All-in-One Series Web Release\Drivers\Scanner\hpgtpusd.dll

C:\temp\HP All-in-One Series Web Release\Drivers\Scanner\hpgwiamd.dll

C:\temp\HP All-in-One Series Web Release\Drivers\Scanner\hpotscl.dll

C:\temp\HP All-in-One Series Web Release\Drivers\Scanner\hpovst08.dll

C:\temp\HP All-in-One Series Web Release\Drivers\Scanner\hpqgends.tmp

C:\temp\HP All-in-One Series Web Release\Drivers\Scanner\msvcp60.dll

C:\temp\HP All-in-One Series Web Release\Drivers\Scanner\usbscan.sy_

C:\temp\HP All-in-One Series Web Release\Drivers\Uninst\enu\hpomdl01.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\HPOCABPR.HLP

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpocahpr.hlp

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpocampr.hlp

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpocaspr.hlp

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpof4007.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpof4107.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpofax08.dll

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpop1007.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpop1107.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpop1207.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpop2007.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpop2107.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpop2207.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpop4007.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpop4107.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpop6107.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpopd907.dat

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpzr3207.dl_

C:\temp\HP All-in-One Series Web Release\enu\drivers\com_lang\hpzrp307.dl_

C:\temp\HP All-in-One Series Web Release\enu\drivers\win9x_me\hpoupdrx.inf

C:\temp\HP All-in-One Series Web Release\enu\drivers\win9x_me\HPZimn12.dll

C:\temp\HP All-in-One Series Web Release\enu\drivers\win9x_me\hpzrp107.dl_

C:\temp\HP All-in-One Series Web Release\enu\drivers\win9x_me\usbmon.dll

C:\temp\HP All-in-One Series Web Release\enu\drivers\win9x_me\usbprint.sys

C:\temp\HP All-in-One Series Web Release\hpoglu08.inf

C:\temp\HP All-in-One Series Web Release\hpomdl01.dat

C:\temp\HP All-in-One Series Web Release\hpoprn08.cat

C:\temp\HP All-in-One Series Web Release\hpoprn08.inf

C:\temp\HP All-in-One Series Web Release\hposcu08.cat

C:\temp\HP All-in-One Series Web Release\hposcu08.inf

C:\temp\HP All-in-One Series Web Release\hpound08.inf

C:\temp\HP All-in-One Series Web Release\HPOunp08.cat

C:\temp\HP All-in-One Series Web Release\hpounp08.inf

C:\temp\HP All-in-One Series Web Release\hpousb08.inf

C:\temp\HP All-in-One Series Web Release\hpousc08.inf

C:\temp\HP All-in-One Series Web Release\hpzc3212.dll

C:\temp\HP All-in-One Series Web Release\hpzcin06.ex_

C:\temp\HP All-in-One Series Web Release\hpzglu07.exe

C:\temp\HP All-in-One Series Web Release\HPZid412.cat

C:\temp\HP All-in-One Series Web Release\hpzid412.inf

C:\temp\HP All-in-One Series Web Release\hpzion00.sy_

C:\temp\HP All-in-One Series Web Release\hpziou01.dl_

C:\temp\HP All-in-One Series Web Release\HPZipr12.cat

C:\temp\HP All-in-One Series Web Release\hpzipr12.inf

C:\temp\HP All-in-One Series Web Release\hpzist12.cat

C:\temp\HP All-in-One Series Web Release\hpzist12.inf

C:\temp\HP All-in-One Series Web Release\HPZius12.cat

C:\temp\HP All-in-One Series Web Release\hpzius12.inf

C:\temp\HP All-in-One Series Web Release\hpzjlog.dll

C:\temp\HP All-in-One Series Web Release\hpzjpp01.dll

C:\temp\HP All-in-One Series Web Release\hpzjut01.dll

C:\temp\HP All-in-One Series Web Release\hpzjvp01.dll

C:\temp\HP All-in-One Series Web Release\hpzpnp07.dll

C:\temp\HP All-in-One Series Web Release\hpzpom04.dl_

C:\temp\HP All-in-One Series Web Release\hpzscr07.dll

C:\temp\HP All-in-One Series Web Release\hpzuci02.dl_

C:\temp\HP All-in-One Series Web Release\HPZUCI12.DLL

C:\temp\HP All-in-One Series Web Release\hpzusb00.sy_

C:\temp\HP All-in-One Series Web Release\MFC42.DLL

C:\temp\HP All-in-One Series Web Release\msvcirt.dll

C:\temp\HP All-in-One Series Web Release\msvcrt.dll

C:\temp\HP All-in-One Series Web Release\readme.html

C:\temp\HP All-in-One Series Web Release\Setup.exe

C:\temp\HP All-in-One Series Web Release\Setup\Data.Cab

C:\temp\HP All-in-One Series Web Release\Setup\enu\Readme.html

C:\temp\HP All-in-One Series Web Release\Setup\hpoblk01.exe

C:\temp\HP All-in-One Series Web Release\Setup\HPOlex01.exe

C:\temp\HP All-in-One Series Web Release\Setup\hpomdl01.dat

C:\temp\HP All-in-One Series Web Release\Setup\hposcr01.dat

C:\temp\HP All-in-One Series Web Release\Setup\hposcr02.dat

C:\temp\HP All-in-One Series Web Release\Setup\HPOwrp01.exe

C:\temp\HP All-in-One Series Web Release\Setup\HPZarp01.exe

C:\temp\HP All-in-One Series Web Release\Setup\HPZchk01.exe

C:\temp\HP All-in-One Series Web Release\Setup\HPZpnp01.exe

C:\temp\HP All-in-One Series Web Release\Setup\HPZrein01.exe

C:\temp\HP All-in-One Series Web Release\Setup\HPZscr01.exe

C:\temp\HP All-in-One Series Web Release\Setup\HPZwis01.exe

C:\temp\HP All-in-One Series Web Release\Setup\MM1.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM10.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM11.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM12.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM13.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM14.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM15.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM16.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM17.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM18.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM19.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM20.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM21.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM22.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM23.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM24.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM27.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM3.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM4.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM5.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM6.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM7.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM8.Cab

C:\temp\HP All-in-One Series Web Release\Setup\MM9.Cab

C:\temp\HP All-in-One Series Web Release\Setup\product\1000.msi

C:\temp\HP All-in-One Series Web Release\Setup\product\1033.mst

C:\temp\HP All-in-One Series Web Release\Setup\product\1100.msi

C:\temp\HP All-in-One Series Web Release\Setup\product\1200.msi

C:\temp\HP All-in-One Series Web Release\Setup\product\2100.msi

C:\temp\HP All-in-One Series Web Release\Setup\product\2150.msi

C:\temp\HP All-in-One Series Web Release\Setup\product\2170.msi

C:\temp\HP All-in-One Series Web Release\Setup\product\2200.msi

C:\temp\HP All-in-One Series Web Release\Setup\product\4100.msi

C:\temp\HP All-in-One Series Web Release\Setup\product\4105.msi

C:\temp\HP All-in-One Series Web Release\Setup\product\6100.msi

C:\temp\HP All-in-One Series Web Release\Setup\usbready.exe

C:\temp\HP All-in-One Series Web Release\Setup\Wis\Win2K_XP\instmsi.exe

C:\temp\HP All-in-One Series Web Release\Setup\Wis\Win9x\instmsi.exe

C:\temp\HP All-in-One Series Web Release\tls704d.dll

C:\temp\HP All-in-One Series Web Release\usbmon.dll

C:\temp\HP All-in-One Series Web Release\usbprint.sys

C:\temp\HP All-in-One Series Web Release\util\AiO\hpopdi05.exe

C:\temp\HP All-in-One Series Web Release\util\AiO\hpopin05.exe

C:\temp\HP All-in-One Series Web Release\util\AiO\HPOprl01.exe

C:\temp\HP All-in-One Series Web Release\util\CCC\240075.exe

C:\temp\HP All-in-One Series Web Release\util\CCC\270615USAM.EXE

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hposcr08.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hposcr12.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\HPZscr01.exe

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hpzscr12.1000.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hpzscr12.1100.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hpzscr12.1200.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hpzscr12.2100.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hpzscr12.2150.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hpzscr12.2170.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hpzscr12.2200.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hpzscr12.4100.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hpzscr12.4105.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\bin\hpzscr12.6100.dat

C:\temp\HP All-in-One Series Web Release\util\CCC\cleanup\cleanall.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\cleanup\hposcrlr.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\enu\Q283787_W2K_SP3_x86.EXE

C:\temp\HP All-in-One Series Web Release\util\CCC\hpzscr1000.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\hpzscr1100.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\hpzscr1200.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\hpzscr2100.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\hpzscr2150.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\hpzscr2170.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\hpzscr2200.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\hpzscr4100.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\hpzscr4105.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\hpzscr6100.bat

C:\temp\HP All-in-One Series Web Release\util\CCC\Q256858_W2K_SP1_x86.EXE

C:\temp\HP All-in-One Series Web Release\util\cfgmgr32.dll

C:\temp\HP All-in-One Series Web Release\util\common\hpzghl07.exe

C:\temp\HP All-in-One Series Web Release\util\common\hpzpin07.exe

C:\temp\HP All-in-One Series Web Release\util\HpAiOScrubber.exe

C:\temp\HP All-in-One Series Web Release\util\setupapi.dll

C:\WINDOWS\system32\comg9

C:\WINDOWS\system32\deb3

C:\WINDOWS\system32\ets1

C:\WINDOWS\system32\ets1\ovstadcom2.exe

C:\WINDOWS\system32\nGpxx01

C:\WINDOWS\system32\nip4

C:\WINDOWS\system32\wnis6

C:\WINDOWS\system32\wnis6\enamd83122.exe

 

----- BITS: Possible infected sites -----

 

hxxp://au.download.windowsupdate.com

.

((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))

.

 

2008-02-01 20:21 . 2004-08-03 23:00 260,272 --a------ C:\cmldr

2008-02-01 20:21 . 2006-01-31 15:21 211 --a------ C:\Boot.bak

2008-01-31 19:35 . 2008-01-31 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-30 19:24 . 2008-01-30 19:24 <DIR> d-------- C:\TimezAttack

2008-01-25 19:54 . 2006-01-27 18:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel

2008-01-25 19:54 . 2006-01-27 18:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel

2008-01-25 19:10 . 2008-01-31 21:02 <DIR> d-------- C:\Program Files\RogueRemover FREE

2008-01-25 18:12 . 2008-01-25 18:09 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-01-25 18:08 . 2008-01-25 18:13 <DIR> d-------- C:\Documents and Settings\Alissa Anne\.housecall6.6

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-02 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint

2008-02-01 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2008-02-01 02:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-01 02:12 --------- d-----w C:\Program Files\Trend Micro

2008-02-01 00:36 --------- d-----w C:\Program Files\Lavasoft

2008-02-01 00:36 --------- d-----w C:\Documents and Settings\Alissa Anne\Application Data\Lavasoft

2008-02-01 00:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-01-26 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-01-07 17:47 --------- d-----w C:\Documents and Settings\Alissa Anne\Application Data\Move Networks

2008-01-05 05:16 --------- d-----w C:\Program Files\DivX

2007-12-29 03:01 --------- d-----w C:\Program Files\AIM6

2007-12-29 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads

2007-12-27 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-12-14 08:06 --------- d-----w C:\Documents and Settings\Alissa Anne\Application Data\RipIt4Me

2007-12-11 02:36 --------- d-----w C:\Program Files\MSECache

2007-12-11 02:28 --------- d-----w C:\Documents and Settings\Alissa Anne\Application Data\Hewlett-Packard

2007-12-11 02:24 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2007-12-11 02:23 --------- d-----w C:\Program Files\Hewlett-Packard

2007-12-11 01:42 --------- d-----w C:\Program Files\iTunes

2007-12-11 01:42 --------- d-----w C:\Program Files\iPod

2007-12-11 01:40 --------- d-----w C:\Program Files\QuickTime

2007-12-11 01:37 --------- d-----w C:\Program Files\Apple Software Update

2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll

2007-07-13 16:38 14,434,304 ----a-w C:\Program Files\TiVoDesktop2.4a.exe

2007-05-29 17:01 6,928,341 ----a-w C:\Program Files\ssapiptn507.zip

2007-05-29 16:59 5,388,454 ----a-w C:\Program Files\spyw507.zip

2007-04-05 14:00 2,214,148 ----a-w C:\Program Files\securexam.exe

2007-03-20 04:37 81,920 ----a-w C:\Documents and Settings\Alissa Anne\Application Data\ezpinst.exe

2007-03-20 04:37 47,360 ----a-w C:\Documents and Settings\Alissa Anne\Application Data\pcouffin.sys

2006-12-28 04:51 36,659,994 ----a-w C:\Program Files\iPhoto604Update.dmg

2006-11-16 19:26 43,736 ----a-w C:\Documents and Settings\Alissa Anne\Application Data\GDIPFONTCACHEV1.DAT

2006-11-02 03:07 36,808,256 ----a-w C:\Program Files\iTunesSetup.exe

2006-10-29 18:26 5,900,416 ----a-w C:\Program Files\Firefox Setup 2.0.exe

2006-09-21 18:35 299,288 ----a-w C:\Program Files\GmailInstaller.exe

2006-09-14 05:09 1,239,620 ----a-w C:\Program Files\VobBlanker_2110_exe.zip

2006-09-13 05:18 1,308,351 ----a-w C:\Program Files\DVDFabDecrypter29.exe

2006-09-12 13:41 8,421,648 ----a-w C:\Program Files\objectdock_freeware.exe

2006-06-24 04:33 184,808 ----a-w C:\Documents and Settings\Alissa Anne\Application Data\shb.dat

2006-05-19 19:08 789,480 ----a-w C:\Program Files\NetzeroSetup.exe

2006-03-12 08:36 47,659,176 ----a-w C:\Program Files\iPodSetup.exe

2006-02-22 15:18 5,528,952 ----a-w C:\Program Files\winamp513_full_emusic-7plus.exe

2006-02-16 19:24 212,849 ----a-w C:\Program Files\hijackthis.zip

2006-02-15 01:02 8,162,111 ----a-w C:\Program Files\htEasyVideoEditor20shareeng.exe

2006-02-10 02:34 1,014,477 ----a-w C:\Program Files\wrar351.exe

2006-02-08 23:23 11,486,720 ----a-w C:\Program Files\TiVo Desktop 2.2.exe

2005-01-21 03:23 45,056 ------r C:\Program Files\SetAttrib.exe

2004-11-30 09:53 40,960 ------r C:\Program Files\delete.exe

2007-08-06 01:05 104 --sh--r C:\WINDOWS\system32\C576F6ABA3.sys

2007-08-06 01:05 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-05-02 13:12 1193472]

"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2007-05-02 13:13 373760]

"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2007-05-02 13:14 1463296]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-10 00:27 185896]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-12 11:39 1838592]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 04:46 219136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" [2007-05-02 13:12]

R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys [2004-05-21 20:18]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-30 20:20:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-01-12 02:27:04 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1197339958.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-01 22:51:30

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-01 22:53:39

ComboFix-quarantined-files.txt 2008-02-02 03:53:29

ComboFix2.txt 2008-02-02 01:38:16

.

2008-01-10 08:03:57 --- E O F ---


-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Saturday, February 02, 2008 12:28:49 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 2/02/2008

Kaspersky Anti-Virus database records: 545785

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

 

Scan Statistics:

Total number of scanned objects: 74342

Number of viruses found: 9

Number of infected objects: 18

Number of suspicious objects: 0

Duration of the scan process: 01:03:15

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\Alissa Anne\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Alissa Anne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Alissa Anne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Alissa Anne\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Alissa Anne\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Alissa Anne\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Alissa Anne\ntuser.dat Object is locked skipped

C:\Documents and Settings\Alissa Anne\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Philips\Philips SPC210NC Webcam\MioNet\install_MioNet_ver1_6_11.exe/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

C:\Program Files\Philips\Philips SPC210NC Webcam\MioNet\install_MioNet_ver1_6_11.exe CreateInstall: infected - 1 skipped

C:\QooBox\Quarantine\C\Documents and Settings\Alissa Anne\My Documents\SCURIT~1\services.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fj skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\qixze.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\wnis6\enamd83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\wnis6\enamd83122.exe.vir NSIS: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP216\A0013695.dll Infected: not-a-virus:AdWare.Win32.Agent.acn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP216\A0013700.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP216\A0013700.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP218\A0013779.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP218\A0013780.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gs skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP219\A0013809.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP221\A0013885.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP221\A0013887.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP221\A0013887.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP225\A0014078.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP226\A0014209.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP226\A0014209.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP226\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:31:21 AM, on 2/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\ssisvr32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

C:\Program Files\TiVo\Desktop\TiVoNotify.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify

O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180885087126

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Software Secure Service (SSISvr32) - SoftwareSecure Inc - C:\WINDOWS\system32\ssisvr32.exe

O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 5420 bytes

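Added example (not part of the original thread, and not Kaspersky's code): a short Python triage of Kaspersky Online Scanner output like the listing above. It separates the "Object is locked skipped" lines (registry hives, event logs and similar files the running OS holds open; they are not detections) from real detections, then sorts detections by where they sit: inside ComboFix's C:\QooBox\Quarantine, inside System Restore snapshots under System Volume Information, or live on disk. The archive roll-up lines ("CreateInstall: infected - 1", "NSIS: infected - 1") are kept apart so an archive member is not counted twice. The sample lines are copied from the scan above; the location rule and the "not-a-virus" riskware rule are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the Kaspersky Online Scanner output posted above.
SAMPLE_LOG = r"""
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Program Files\Philips\Philips SPC210NC Webcam\MioNet\install_MioNet_ver1_6_11.exe/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Philips\Philips SPC210NC Webcam\MioNet\install_MioNet_ver1_6_11.exe CreateInstall: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Alissa Anne\My Documents\SCURIT~1\services.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qixze.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP216\A0013695.dll Infected: not-a-virus:AdWare.Win32.Agent.acn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP216\A0013700.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP216\A0013700.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# The three line shapes the scanner emits for things it did not clean.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<packer>[\w-]+): infected - (?P<count>\d+) skipped$")


def classify_location(path):
    """Assumed rule: where a detection sits decides whether it still needs action."""
    lower = path.lower()
    if lower.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantine"      # ComboFix already moved it (.vir) out of the way
    if "\\system volume information\\_restore" in lower:
        return "restore_point"   # System Restore snapshot; gone once restore points are reset
    return "live"


def classify_name(name):
    """Kaspersky prefixes adware/riskware with 'not-a-virus:'; everything else is malware."""
    return "riskware" if name.lower().startswith("not-a-virus:") else "malware"


def parse_scan(text):
    report = {"findings": [], "locked": [], "containers": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LOCKED_RE.match(line)
        if m:
            report["locked"].append(m["path"])
            continue
        m = INFECTED_RE.match(line)
        if m:
            path = m["path"]
            # Windows paths never contain '/', so 'archive.exe/member' marks a file inside an archive.
            container = path.split("/", 1)[0]
            report["findings"].append({
                "path": path,
                "container": container,
                "name": m["name"],
                "location": classify_location(path),
                "kind": classify_name(m["name"]),
            })
            continue
        m = CONTAINER_RE.match(line)
        if m:
            # Roll-up line for an archive whose member was already reported above.
            report["containers"].append(m["path"])
    return report


def needs_action(report):
    """Detections still live on disk, i.e. not quarantine or restore-point copies."""
    return [f for f in report["findings"] if f["location"] == "live"]


def summarize(report):
    """Count detections by (location, kind) for a quick read of what is left."""
    return Counter((f["location"], f["kind"]) for f in report["findings"])


if __name__ == "__main__":
    rep = parse_scan(SAMPLE_LOG)
    print(f"{len(rep['locked'])} locked files (not detections), "
          f"{len(rep['findings'])} detections, {len(rep['containers'])} archive roll-up lines")
    for (loc, kind), n in sorted(summarize(rep).items()):
        print(f"  {loc:13s} {kind:9s} {n}")
    for f in needs_action(rep):
        print("ACTION:", f["name"], "->", f["container"])
```

Run against the lines above, the only live detection is the HideWindows riskware inside the MioNet installer shipped with the webcam software; the PurityScan trojan is a .vir copy already sitting in ComboFix's quarantine, and the remaining hits are restore-point copies that go away when a fresh clean restore point is set, which is the order of work the helper lays out in the next post.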

Potentially unwanted tools are not a problem. This is related to your web cam.

We will now take care of the rest found by the Kaspersky scan.

The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix.

  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the /u; it needs to be there.

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

Your HJT log is in good shape now.

 

 

The annoying popups are gone and my computer is running a little faster now.

I understand what you are saying about the antivirus and I disabled the Trend Micro program; however, I can't figure out if it is fully disabled or still running in the background, and I can't figure out how to disable it so it doesn't start again on startup.

The easiest way is by msconfig. And that's not a guarantee that it is completely disabled. Some protection programs have built-in processes that prevent being totally shut down; the application doesn't know if it is by the user's choice or by malware.

Worst-case scenario, I will uninstall it completely and keep AVG, but I am not convinced AVG is running up to par because its icon is not always in my toolbar and I can't figure out if it is running in the background.

If you uninstall Trend Micro, can it be installed again if you see you're not happy with AVG as a stand-alone (or other antivirus choice)?

Also, I can supply you links to other antivirus programs you can experiment with to see if they suit your needs better.

I can supply you with links to known good free firewalls too.

 

Users have discovered security suites can bog down a machine, especially when some systems are low on available resources.

 

Never install more than one antivirus scanner or firewall on your system.

 

Avira

 

Avast!

How to Install, Configure, and Use Avast Antivirus

 

 

If you decide to download and install another firewall, please disable Windows Firewall.

Start menu->>Control Panel->>Security Center->>Windows Firewall and disable Windows Firewall.

 

The following FREE versions are:

Zone Alarm free:

http://www.zonealarm.com/store/content/cat...=US&lang=en

PDF documentation for Zone Alarm available here:

http://www.zonealarm.com/store/content/sup...a/znalmMain.jsp

If you are going to try Zone Alarm, I suggest installing just the basic firewall so the bundled trial antivirus does not get installed. Also, I recommend NOT installing the new optional feature Spy Blocker, as it's run by the questionable search engine Ask.com. You can read more about Ask.com at http://www.benedelman.org/spyware/installa...kjeeves-banner/

 

Comodo free:

http://www.personalfirewall.comodo.com/

Tutorial for install:

http://www.nordicnature.net/tutorials/index.html

 

 

I hope I have covered your questions....

 

If there are no more issues, you're good to go!

 

Below are recommendations to protect your computer.

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 2.0 The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.

 

How to prevent Malware: Created by Miekiemoes

 

Read this article 'Safe Computing Practices'.

So how did I get infected in the first place?

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

 

Slow Computer? Check here first; it may not be malware

http://www.castlecops.com/postitle175256-0-0-.html

Free Antivirus-AntiSpyware-Firewall Software


Thanks for all the help. Just a few more questions.

I uninstalled Trend Micro and AVG and re-installed AVG (I was worried that I did something somewhere and AVG wasn't running properly).

 

I also installed ZoneAlarm as directed and disabled the Windows Firewall. I am going to go through the rest of the email and install any critical updates I don't have from Windows Update.

 

Now is it helpful for me to have an anti-spyware application also? I noticed that AVG has an anti-spyware program, but I wanted to see what you recommend before I do anything.

 

Also, I think one of my biggest problems with my computer is that I have a lot of applications running in the background that I never use (such as TiVo, iTunes, etc.). How do I stop these applications from running in the background and taking up my computer resources?


Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.

 

 

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify

O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

 

Reboot your machine to set the registry.

 

 

Now is it helpful for me to have an anti-spyware application also

Yes it is.....

I noticed that AVG has an anti-spyware program, but I wanted to see what you recommend before I do anything.

This is a good anti-spyware program to have onboard and use regularly.

If you install AVG Anti-Spyware, which is a good complementary program, after you install, AVG A/S Guard will be in your startup programs list, I think for about 30 days while the trial runs.

You can run another HJT log, locate the entry for AVG Anti-Spyware and check the box, then select remove and reboot.

 

Follow these guidelines if installing and using AVG A/S.

 

Please download AVG Anti-Spyware

 

or go to this link

http://free.grisoft.com/doc/download-free-...pyware/us/frt/0

 

 

Click: Save, and do so to the Desktop

Locate the icon on the Desktop and double-click it to launch the set up program.

Follow the prompts to Install

  • On the main Status screen, under Your Computer's Security > Resident Shield, click Change State for active to show inactive
  • Still on the main screen, by Last Update click: Update now
Once the update completes:
  • At the top of the screen select: Scanner
  • Select the Settings tab
  • In the How to act area > Set default action for detected malware, click on the entry and select Quarantine!!
To do the scan:
  • Select the Scan tab
  • Click Complete System Scan to start the action
Once the scan is complete...
  • If there are any infections, a prompt appears with the number of objects found
  • Select: Apply all actions and allow it to do so

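Added example (not code from the thread or from HijackThis): Python that parses the O4, O20 and O23 lines of a HijackThis log like the ones posted above and applies the kind of rule the post above applies by hand. Per-machine (HKLM) and per-user (HKCU) Run entries that do not belong to a security product are listed as candidates to uncheck, while AppInit_DLLs entries and services with "Unknown owner" are flagged for a second look rather than for removal, since those are persistence locations and not just startup clutter. The sample lines are copied from the logs earlier in this thread; KEEP_PATTERNS and the flag wording are assumptions of this example.

```python
import re

# Constructed sample: O2/O4/O20/O23 lines copied from the HijackThis logs posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Software Secure Service (SSISvr32) - SoftwareSecure Inc - C:\WINDOWS\system32\ssisvr32.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>\S+)')

# Assumption of this example: autostarts whose name or path contains one of these
# substrings belong to the security products this thread chose to keep running.
KEEP_PATTERNS = ("grisoft", "avg", "zonelabs", "zone labs", "lavasoft", "ad-aware")


def exe_from_command(cmd):
    """Executable path from a Run value: the quoted path if present, else the first token."""
    m = EXE_RE.match(cmd.strip())
    return (m["quoted"] or m["bare"]) if m else cmd


def parse_hjt(text):
    report = {"autostarts": [], "appinit": [], "services": []}
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            report["autostarts"].append({"hive": m["hive"], "name": m["name"],
                                         "cmd": m["cmd"], "exe": exe_from_command(m["cmd"])})
            continue
        m = O20_RE.match(line)
        if m:
            # On XP the AppInit_DLLs value is space- or comma-delimited, which is why
            # entries there appear as 8.3 short names without spaces.
            report["appinit"].extend(d for d in re.split(r"[,\s]+", m["dlls"]) if d)
            continue
        m = O23_RE.match(line)
        if m:
            report["services"].append({"display": m["display"], "owner": m["owner"], "path": m["path"]})
    return report


def disable_candidates(report, keep=KEEP_PATTERNS):
    """HKLM/HKCU Run entries that are not a kept security product: the list a helper
    would have the user checkmark in HijackThis. HKUS entries (service accounts,
    Default user) are left alone."""
    out = []
    for a in report["autostarts"]:
        if not a["hive"].startswith(("HKLM", "HKCU")):
            continue
        haystack = f"{a['name']} {a['exe']}".lower()
        if any(k in haystack for k in keep):
            continue
        out.append(a)
    return out


def review_flags(report):
    """Entries worth a second look for security reasons, not for resource use."""
    flags = []
    for dll in report["appinit"]:
        flags.append(f"O20: AppInit_DLLs loads {dll} into every process that links user32.dll; confirm which product owns it")
    for s in report["services"]:
        if s["owner"].lower() == "unknown owner":
            flags.append(f"O23: service '{s['display']}' has no recorded owner: {s['path']}")
    return flags


if __name__ == "__main__":
    rep = parse_hjt(SAMPLE_HJT)
    print("Candidates to uncheck in HijackThis:")
    for a in disable_candidates(rep):
        print(f"  O4 - {a['hive']}\\..\\Run: [{a['name']}] {a['exe']}")
    print("Review:")
    for f in review_flags(rep):
        print("  " + f)
```

The keep list is deliberately a substring match on name plus path so that an entry such as AVG7_CC in C:\PROGRA~1\Grisoft\AVG7 survives whether it is quoted or not; anything a helper wants to keep beyond security tools (ctfmon.exe, for instance) is added there rather than by editing the parser.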

I did everything you said, and I know I'm needy, but can you walk me through removing running programs in msconfig?

 

Thanks


I did everything you said, and I know I'm needy, but can you walk me through removing running programs in msconfig?

 

And what should I do after the trial period is up for AVG Anti-Spyware? Is there a free program out there?

 

If you followed my last HJT instructions, those were the items in msconfig that HJT will disable at bootup.

 

Let's try this.

 

 

Go to Start > Run, type in msconfig and click OK.

Go to the Startup tab.

Items listed there with check marks by their name: tell me what they are...

 

 

AVG A/S provides background protection for 30 days; after that time it still remains a free antispyware program.

It usually updates once a day, so before you scan, check the Update tab and let those download before scanning.


OK, I will do that in one minute; AVG Anti-Spyware is scanning my computer right now...

So after the scan is over in a minute or so, I should delete AVG Anti-Spyware from the HJT and reboot?


Also, how did you know earlier that I had a webcam? Is that running in my background? Because I haven't used it forever and can certainly disable it. Although my computer is running much better, it's still pretty slow and it's only about a year old; that's why I'm really concerned about it.

By the way, your icon is very fitting; you are really an angel for having the patience to help me with this. Thank you for everything.


It can take several minutes depending on your machine...

So after the scan is over in a minute or so, I should delete AVG Anti-Spyware from the HJT and reboot?

Just the startup entry, which will be located in O4; those are programs that load at each bootup.

 

 

Tell ya what... since there is a slight confusion here, after your scan take another HJT log and post it here.


I finished my scan, and while exiting it warned me that I will not be protected because Resident Shield is inactive... is this okay?

Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:41:55 AM, on 2/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\ssisvr32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180885087126

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Software Secure Service (SSISvr32) - SoftwareSecure Inc - C:\WINDOWS\system32\ssisvr32.exe

O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 4396 bytes

And here is my startup:

Zone labs\zonealarm\zlclient.exe

Grisoft\avg7\avgcc.exe\startup

grisoft\avg anti-spyware 7.5\avgas.exe/minimized

(blank space with a checked box)

system32\ctfmon.exe

 

 

When I go into the next tab, called Services, I see that there are A LOT of programs running, including:

adaware2007

application layer gateway service

aol connectivity service

apple mobile device

windows audio

AVG7 alert manager server

AVG7 update service

AVG email scanner

background intelligent transfer

computer browser

cryptographic services

DHCP client

DNS client

error reporting service

event log

com+event system

fast user switching compatibility

help and support

HID input service

remote access connection manager

task scheduler

tivo beacon

AVG spyware guard

 

 

How do I stop some of these from running, like the TiVo Beacon (which I had previously checked in HJT), Ad-Aware 2007, Apple Mobile Device (do you know what this is for? iTunes maybe?), Messenger Sharing Folders USN Journal Reader Service (I have no idea what this is either and the manufacturer is unknown)?


I finished my scan and while exiting it warned me that I will not be protected because resident shield is inactive... is this okay?

 

Yes, this is fine; otherwise it could conflict with your firewall.

 

Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.

 

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

 

Reboot.

 

You don't need AVG A/S loading; when you are ready to use it, just double-click on the icon to use the program.

 

When I go into the next tab called services I see that there are ALOT of programs running

I don't instruct people to stop those services; the next time you call upon the program, it's possible that program won't work.

Apple mobile device (do you know what this is for? itunes maybe?)

Sure is.

 

What else can I help you with?


Sorry, just now seeing a few things; we must have been posting at the same time...

Also, how did you know earlier that I had a webcam? Is that running in my background? Because I haven't used it forever and can certainly disable it. Although my computer is running much better, it's still pretty slow and it's only about a year old; that's why I'm really concerned about it.

It showed in your Kaspersky scan:

C:\Program Files\Philips\Philips SPC210NC Webcam\MioNet\install_MioNet_ver1_6_11.exe/cmdow.exe

And it is not running in the background.

 

Let's do this

 

Download: CCleaner (freeware)

http://www.majorgeeks.com/download4191.html

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner and click the Windows tab.

Select the following: [screenshot]

Next, click Options, then click the Settings tab.

Uncheck "Only delete files older than 48 hrs." and click OK.

Then click Run Cleaner (bottom right), then Exit.

Note: Please do NOT use the Applications tab or the Issues icon. Keep to the Cleaner icon and the Windows tab.

CCleaner Tutorial

 

 

Defragment

1. Open My Computer.

2. Right-click the local disk volume that you want to defragment, and then click Properties.

3. On the Tools tab, click Defragment Now.

4. Click Defragment

 

On computers not defragmented regularly, this can take a few minutes.

 

Reboot your machine and note any performance improvements.

 

 

by the way, your icon is very fitting, you are really an angel for having the patience to help me with this. Thank you for everything

You're welcome.

I did all that and things are running about the same still, but if that's the best it's gonna get, it's okay; it's better than it was before.

 

Do you know what the blank line with the checkmark is in my startup? Here's a screenshot of it: [screenshot]

I can't tell what the program is; it can be something we placed a check by with HJT.

You can go ahead and remove the checkmark by the listing with no program name.

 

 

 

We've run your machine through the mill and removed all the spyware/malware.

 

For tips and tricks read this article.

 

Slow Computer? Check here first; it may not be malware

http://www.castlecops.com/postitle175256-0-0-.html
