Jsmtty
Posts: 11
Posts posted by Jsmtty
-
OK... first of all, the "strange" file that I can't delete is keeping me from removing a user account on this machine. I can locate the file in Windows Explorer... I just can't "do" anything with it, including uploading it to virustotal.com. Does that describe the first problem a little better?
OK - the second thing is the speed. This machine just seems to be running abnormally slow.
I ran CCleaner.
Here is the ComboFix log... You'll see more than me... but I do want to get rid of the Yahoo toolbar I see:
ComboFix 08-02-25.3 - PaulaW 02/28/2008 16:40:27.1 - NTFSx86
Running from: C:\Documents and Settings\All Users\Desktop\DownLoads\MalwareBytes\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\Web\default.htt
.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.
2008-02-28 16:40 . 02/28/08 04:40p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_334.dat
2008-02-28 15:42 . 02/28/08 03:43p <DIR> d-------- C:\Program Files\CCleaner
2008-02-25 15:12 . 02/25/08 03:12p <DIR> d-------- C:\Program Files\Trend Micro
2008-02-25 14:27 . 02/25/08 02:27p <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-25 14:27 . 02/25/08 02:27p <DIR> d-------- C:\Documents and Settings\PaulaW\Application Data\Malwarebytes
2008-02-25 14:27 . 02/25/08 02:27p <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-25 12:56 . 06/05/07 10:56a 44,928 --a------ C:\WINNT\system32\drivers\SDTHOOK.SYS
2008-02-25 12:40 . 02/25/08 01:55p <DIR> d-------- C:\WINNT\system32\ActiveScan
2008-02-25 12:40 . 02/25/08 12:51p 30,590 --a------ C:\WINNT\system32\pavas.ico
2008-02-25 12:40 . 02/25/08 12:51p 2,550 --a------ C:\WINNT\system32\Uninstall.ico
2008-02-25 12:40 . 02/25/08 12:51p 1,406 --a------ C:\WINNT\system32\Help.ico
2008-02-22 17:06 . 02/22/08 05:04p 691,545 --a------ C:\WINNT\unins000.exe
2008-02-22 17:06 . 02/22/08 05:06p 2,542 --a------ C:\WINNT\unins000.dat
2008-02-22 16:25 . 02/22/08 04:25p <DIR> d-------- C:\Documents and Settings\PaulaW\Application Data\Basta Computing
2008-02-22 16:24 . 02/22/08 04:24p <DIR> d-------- C:\Program Files\Basta Computing
2008-02-18 09:47 . 02/18/08 09:47a <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-02-18 09:47 . 02/13/07 08:23p 103,424 --a------ C:\WINNT\system32\hpzpnp.dll
2008-02-18 09:47 . 08/31/06 07:34p 33,792 --a------ C:\WINNT\system32\HPZIPR12.DLL
2008-02-18 09:47 . 09/01/06 02:29p 30,208 --a------ C:\WINNT\system32\HPZIPT12.DLL
2008-02-18 09:47 . 09/01/06 03:18p 20,480 --a------ C:\WINNT\system32\HPZISN12.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 20:43 --------- d-----w C:\Program Files\Yahoo!
2008-02-28 19:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-25 18:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-25 18:26 --------- d-----w C:\Program Files\NavNT
2008-02-25 18:19 --------- d-----w C:\Program Files\Google
2008-02-22 22:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-21 16:37 --------- d-----w C:\Program Files\MailFrontier
2008-02-20 20:32 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-10 17:39 575,488 ----a-w C:\WINNT\system32\WININET.DLL
2007-12-05 10:40 631,056 ----a-w C:\WINNT\system32\OLEAUT32.DLL
2004-07-15 14:37 271 ---h--w C:\Program Files\desktop.ini
2004-07-15 14:37 21,952 ---h--w C:\Program Files\folder.htt
2000-07-26 17:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/18/07 04:59p 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/08 11:43a 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p 111376 C:\WINNT\system32\mobsync.exe]
"TCASUTIEXE"="TCAUDIAG -off" []
"vptray"="C:\Program Files\NavNT\vptray.exe" [09/24/01 07:59a 73728]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe" [05/04/04 02:21a 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [03/31/04 11:34p 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/03 08:38a 241664]
"HPHmon05"="C:\WINNT\system32\hphmon05.exe" [05/04/04 05:17p 491520]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/16/05 10:11p 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/07 03:00a 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/08 10:16p 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 02:05p 186640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 11/02/01 09:50a 24636 C:\WINNT\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 20:36:03 C:\WINNT\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 16:42:29
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\WINNT\system32\NavLogon.dll
.
Completion time: 02/28/2008 16:43:25
ComboFix-quarantined-files.txt 2008-02-28 21:43:08
.
2008-02-13 08:03:59 --- E O F ---
*************************************************************************************************
Here is the HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:10 PM, on 2/28/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\YacsMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 90.0.1.42 mainserver
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: YacsMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {037790A6-1576-11D6-903D-00105AABADD3} (Seagull Web-to-Host Control Module v4) - https://www.ussco.com/bluezone/controls/sglw2hcm.ocx
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.48/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BFA9236-E346-42FF-BC7E-66C7F96BCCE3}: NameServer = 90.0.1.42,65.17.128.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BFA9236-E346-42FF-BC7E-66C7F96BCCE3}: NameServer = 90.0.1.42,65.17.128.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BFA9236-E346-42FF-BC7E-66C7F96BCCE3}: NameServer = 90.0.1.42,65.17.128.3
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
--
End of file - 6725 bytes
****************************************************************************************************
Thanks again for your help.
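Added example (not part of Jsmtty's post, and not code from HijackThis, ComboFix or any other tool named above): a HijackThis log is only a listing, so the reviewer has to pick out by eye the entries that matter first, in this log the R3/O3 Yahoo! Toolbar lines whose target is "(no file)", the O1 hosts override for mainserver, and the O17 DNS servers. The Python below does that first pass mechanically over a handful of lines copied from the log above. The section regex, the "(no file)" orphan rule and the "confirm any DNS server outside private address space with whoever runs the LAN" rule are my own triage conventions, not HijackThis features. A "(no file)" entry is a dead registry reference with nothing left to run, which is why HJT can simply remove it; a public DNS server is not evidence of anything by itself (here the same address is mapped to mainserver in the hosts file, so it is presumably the site's own server), the check just makes sure that gets confirmed rather than assumed.

```python
"""HijackThis v2 log triage (added example; not from the forum post or from
Trend Micro HijackThis). Pulls out the lines a reviewer checks first:
autostart/BHO/toolbar entries whose target is "(no file)", O1 hosts-file
overrides, and O17 DNS servers outside private/loopback space."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O1 - Hosts: 90.0.1.42 mainserver",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll",
    r"O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe",
    r"O4 - Global Startup: YacsMon.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{0BFA9236-E346-42FF-BC7E-66C7F96BCCE3}: NameServer = 90.0.1.42,65.17.128.3",
    r"O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe",
]

# HJT entry lines look like "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
O1_HOSTS = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")
O17_DNS = re.compile(r"NameServer\s*=\s*(?P<servers>[\d.,\s]+)$")


@dataclass
class Entry:
    section: str  # "R3", "O4", "O17", ...
    body: str     # everything after "<section> - "


def parse_hjt(lines):
    """Keep only section-tagged entry lines; the header, the running-process
    list and the trailer do not match and are skipped."""
    entries = []
    for line in lines:
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def orphaned_entries(entries):
    """Entries whose target file is gone: a leftover reference, safe to let HJT remove."""
    return [e for e in entries if e.body.endswith("(no file)")]


def hosts_overrides(entries):
    """(ip, hostname) pairs from O1 lines: hosts-file entries that win over DNS."""
    pairs = []
    for e in entries:
        if e.section == "O1":
            m = O1_HOSTS.match(e.body)
            if m:
                pairs.append((m["ip"], m["name"]))
    return pairs


def dns_servers(entries):
    """Distinct DNS servers from all O17 NameServer lines, in order of appearance."""
    servers = []
    for e in entries:
        if e.section != "O17":
            continue
        m = O17_DNS.search(e.body)
        if not m:
            continue
        for s in m["servers"].split(","):
            s = s.strip()
            if s and s not in servers:
                servers.append(s)
    return servers


def dns_to_confirm(entries):
    """DNS servers outside RFC 1918 / loopback space. Not a finding on its own;
    these are the ones to confirm against what the network admin expects."""
    return [s for s in dns_servers(entries) if not ipaddress.ip_address(s).is_private]


def triage(lines):
    entries = parse_hjt(lines)
    return {
        "orphans": [f"{e.section} - {e.body}" for e in orphaned_entries(entries)],
        "hosts": hosts_overrides(entries),
        "dns": dns_servers(entries),
        "dns_to_confirm": dns_to_confirm(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full saved HJT log by reading the file into a list of lines and passing it to triage(). The O4 and O23 lines are parsed but not flagged on purpose: whether an autostart or service is wanted (vptray, YacsMon, the HP utilities) is a judgement about the machine, not something a regex can decide.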
-
Hi Jean,
The YacsMon program is from DeRamp. It was intentionally installed on this machine. I scanned it at virustotal.com anyway. It looked clean. The other file is acting like it doesn't even "exist". I can't even upload it at virustotal.com. Like it's not even there.
Any other ideas? Thanks for your help !
-
Hello,
My machine is moving very slowly and has me a little worried, especially when I start up IE. Also, I've found a file I can't delete. Looks like this:
C:\Documents and Settings\ShannonC\Local Settings\Temp\Temporary Internet Files\Content.IE5\4DAF8HUJ\activity;src=998766;met=1;v=1;pid=14258645... ...;ecn2=1;etm2=0;eid3=11;e[1].gif
I'm not really sure how to proceed, so I figured I'd come ask the expert first. Thanks for any advice you can offer.
Here is an mbam-log:
Malwarebytes' Anti-Malware 1.05
Database version: 404
Scan type: Full Scan (C:\|)
Objects scanned: 47823
Time elapsed: 24 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
**************************************************************************
Here is the Panda Scan log:
Incident                                Status           Location
Spyware:Cookie/Atlas DMT                Not disinfected  C:\Documents and Settings\PaulaW\Cookies\paulaw@atdmt[2].txt
Spyware:Cookie/Com.com                  Not disinfected  C:\Documents and Settings\PaulaW\Cookies\paulaw@com[2].txt
Spyware:Cookie/Overture                 Not disinfected  C:\Documents and Settings\PaulaW\Cookies\paulaw@perf.overture[1].txt
Spyware:Cookie/RealMedia                Not disinfected  C:\Documents and Settings\PaulaW\Cookies\paulaw@realmedia[2].txt
Spyware:Cookie/Server.iad.Liveperson    Not disinfected  C:\Documents and Settings\PaulaW\Cookies\paulaw@server.iad.liveperson[2].txt
*********************************************************************************
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:33 PM, on 2/25/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\YacsMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O1 - Hosts: 90.0.1.42 mainserver
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: YacsMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {037790A6-1576-11D6-903D-00105AABADD3} (Seagull Web-to-Host Control Module v4) - https://www.ussco.com/bluezone/controls/sglw2hcm.ocx
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.48/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BFA9236-E346-42FF-BC7E-66C7F96BCCE3}: NameServer = 90.0.1.42,65.17.128.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BFA9236-E346-42FF-BC7E-66C7F96BCCE3}: NameServer = 90.0.1.42,65.17.128.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BFA9236-E346-42FF-BC7E-66C7F96BCCE3}: NameServer = 90.0.1.42,65.17.128.3
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
--
End of file - 6553 bytes
-
Hi Again,
I downloaded and installed Spybot S&D on Friday. I'm comfortable enough with it, I think. I've done some minor registry editing on many of our machines at work and haven't destroyed anything yet! But I see what you mean... I set off alarms and sirens just by changing my screensaver! This thing is thorough.
Windows is set to update automatically and I'll keep an eye on Java. I've downloaded a version of ZoneAlarm Firewall that I'll try this week.
Thanks for your help through this! Your time and advice is much appreciated.
-
Great advice! I'll do exactly as you suggested. And... still no popups here.
Here is my HJT Log... Please let me know if you see anything else.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:44 AM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\MAILFR~1\mantispm.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\YacsMon.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\MAILFR~1\mantispm.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: YacsMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe
O9 - Extra 'Tools' menuitem: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installshield.com/install/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129166305125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177621409953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = robyco.com
O17 - HKLM\Software\..\Telephony: DomainName = robyco.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{53D0049E-F1EA-42EC-A153-8678F2D3A74A}: NameServer = 65.17.128.7,65.17.128.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2975A30-2DE3-41D0-90D1-BE186F844043}: NameServer = 65.17.128.7,65.17.128.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = robyco.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: WLANKEEPER - Intel
-
The media player was previously uninstalled via add/remove programs. Combo Fix has been loaded and run. After a reboot, QooBox has been deleted.
No PopUps Yet!!! Still holding my breath. I'll respond again later with an update. Thanks for helping me.
Here is the Combofix Log:
ComboFix 07-08-30.3 - "JeffS" 2007-09-07 4:40:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.517 [GMT -4:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\ujagcjrfuc.dat
C:\WINDOWS\system32\ujagcjrfuc.exe
C:\WINDOWS\system32\ujagcjrfuc_nav.dat
C:\WINDOWS\system32\ujagcjrfuc_navps.dat
((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))
2007-09-07 04:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-06 18:09 4,534 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-06 18:07 <DIR> d-------- C:\SmitFraudFix
2007-09-06 16:56 <DIR> d-------- C:\HiJackThis
2007-09-06 00:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-06 00:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-05 18:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-04 15:08 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-04 15:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-04 15:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-04 14:39 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-01 12:00 <DIR> d-------- C:\DOCUME~1\JeffS\APPLIC~1\TVU Networks
2007-08-14 11:59 <DIR> d-------- C:\Program Files\BlueTooth
2007-08-14 11:55 <DIR> d-------- C:\Program Files\Toshiba
2007-08-14 11:48 86,867 -ra------ C:\WINDOWS\system32\drivers\BCOREUSB.sys
2007-08-12 20:30 <DIR> d-------- C:\Program Files\iTunes
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-06 14:29 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-09-06 14:28 --------- d-------- C:\Program Files\321Studios
2007-09-06 14:26 --------- d-------- C:\Program Files\MUSICMATCH
2007-09-06 14:24 --------- d-------- C:\Program Files\Common Files\Real
2007-09-05 23:08 --------- d-------- C:\Program Files\Windows Defender
2007-09-05 23:06 --------- d-------- C:\Program Files\NavNT
2007-09-05 23:02 --------- d-------- C:\Program Files\MailFrontier
2007-09-05 23:00 --------- d-------- C:\Program Files\Google
2007-09-05 23:00 --------- d-------- C:\Program Files\Digital Line Detect
2007-09-05 23:00 --------- d-------- C:\Program Files\DellSupport
2007-09-05 22:54 --------- d-------- C:\Program Files\Apoint
2007-09-05 14:08 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-09-05 13:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-26 21:15 100 --a------ C:\WINDOWS\system32\prsgrc.dll
2007-08-26 15:36 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\SopCast
2007-08-26 15:34 --------- d-------- C:\Program Files\SopCast
2007-08-12 20:30 --------- d-------- C:\Program Files\iPod
2007-08-12 20:28 --------- d-------- C:\Program Files\Apple Software Update
2007-08-05 18:02 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\Purple Ghost Software, Inc
2007-08-05 18:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Purple Ghost Software, Inc
2007-08-05 18:01 --------- d-------- C:\Program Files\Purple Ghost
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 16:51 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\DDMS
2007-07-16 12:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-16 12:12 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\InstallShield
2007-07-16 12:10 --------- d-------- C:\Program Files\DDMS
2007-07-13 12:19 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\AdobeUM
2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-12 16:30 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\Apple Computer
2007-07-12 10:18 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-12 10:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-12 10:13 --------- d-------- C:\Program Files\QuickTime
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 10:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 10:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 10:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 10:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 10:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 04:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 03:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 17:08 126 --a------ C:\WINDOWS\gzcdweb.bat
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 22:00]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 12:26]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 00:55]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 00:55]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-08 00:55]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 C:\WINDOWS\KHALMNPR.Exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 08:59]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 17:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Matador"="C:\PROGRA~1\MAILFR~1\mantispm.exe" [2006-01-20 11:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2002-02-15 10:51 24638 C:\WINDOWS\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
R3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44c29030-4fec-11dc-8fa0-0010c69d1c00}]
AutoRun\command- E:\setupSNK.exe
*Newly Created Service* - CATCHME
Contents of the 'Scheduled Tasks' folder
2007-09-06 03:56:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-06 04:13:28 C:\WINDOWS\Tasks\cleanmgr.job - C:\WINDOWS\system32\cleanmgr.exe
2007-06-05 13:10:25 C:\WINDOWS\Tasks\Defrag.job - C:\WINDOWS\system32\dfrg.msc
2007-09-07 05:40:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-09-07 06:34:12 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-07 04:44:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-07 4:46:11
C:\ComboFix-quarantined-files.txt ... 2007-09-07 04:45
--- E O F ---
-
Also, FWIW...
I just "KNOW" the exact time and place this problem began... And when I look in my C:\Windows folder, the following .log files are present at that exact time on that exact date. I'll attach a picture in .pdf.
Thanks Again!!
-
Hi and thanks for your response. I'm still getting the popups - but here's what I did:
First, I deleted the C:\WINDOWS\Temp\NSIS_Install_WMP.exe[WebMediaPlayer.exe file from my machine.
Here is the 1st SmitFraudFix Report run before rebooting in Safe Mode:
SmitFraudFix v2.221
Scan done at 18:09:05.26, Thu 09/06/2007
Run from C:\SmitFraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
-
A little more info here...Hopefully this helps:
We mistakenly downloaded a program called "Web Media Player" on Saturday 09/01/07. This is also when the problems began. I'm 99% sure that this is the root of the problem.
Also wanted to share this... I see some very strange .log files in my C:\Windows folder that were all added/modified on 09/01/07. I'll paste a couple of examples here...just in case that helps.
Here is part of a file called netfxocm.log:
[08/11/04,17:07:29] ********************************************************************************
[08/11/04,17:07:29] CUrtOcmSetup()
[08/11/04,17:07:29] Installs NETFX component
[08/11/04,17:07:29] OS Edition is Neither Embedded Nor Server. Initially not marked for installation.
[08/11/04,17:07:29] OC_PREINITIALIZE - SubComponent: [08/11/04,17:07:29] OnPreInitialize(), charWidth = 3
[08/11/04,17:07:29] OC_INIT_COMPONENT - SubComponent: (null)
[08/11/04,17:07:29] InitializeComponent()
[08/11/04,17:07:29] OC_QUERY_STATE - SubComponent: netfx
[08/11/04,17:07:29] OnQueryState()
[08/11/04,17:07:29] Called with OCSELSTATETYPE_ORIGINAL ... determining if we were installed previously.
[08/11/04,17:07:29] OnQueryState(),Return Value is 0
[08/11/04,17:07:29] OC_CALC_DISK_SPACE - SubComponent: netfx
[08/11/04,17:07:29] OnCalculateDiskSpace(), adding = 1
[08/11/04,17:07:29] SetVariableDirs()
[08/11/04,17:07:29] OnCalculateDiskSpace(), adding size from section netfx_install
[08/11/04,17:07:29] OC_WIZARD_CREATED - SubComponent: (null)
[08/11/04,17:07:29] OnWizardCreated()
[08/11/04,17:09:56] OC_QUERY_STATE - SubComponent: netfx
[08/11/04,17:09:56] OnQueryState()
[08/11/04,17:09:56] Called with OCSELSTATETYPE_CURRENT.
[08/11/04,17:09:56] OnQueryState(),Return Value is 1
[08/11/04,17:09:56] OC_CALC_DISK_SPACE - SubComponent: netfx
[08/11/04,17:09:56] OnCalculateDiskSpace(), adding = 1
[08/11/04,17:09:56] OnCalculateDiskSpace(), adding size from section netfx_install
[08/11/04,17:11:22] NOTIFY_NDPINSTALL - SubComponent: netfx
[08/11/04,17:11:22] OnNdpInstall(), subcomponent netfx with flag = 0
[08/11/04,17:11:22] ...called by component TabletPC Component Setup
[08/11/04,17:11:22] Dependent component telling us not to install ... they will not be installing on this machine.
[08/11/04,17:11:22] NOTIFY_NDPINSTALL - SubComponent: netfx
[08/11/04,17:11:22] OnNdpInstall(), subcomponent netfx with flag = 0
[08/11/04,17:11:22] ...called by component eHome Component Setup
[08/11/04,17:11:22] Dependent component telling us not to install ... they will not be installing on this machine.
[08/11/04,17:11:23] OC_QUEUE_FILE_OPS - SubComponent: (null)
[08/11/04,17:11:23] OnQueueFileOperations was not called, since subcomponent is unknown
[08/11/04,17:11:23] OC_QUEUE_FILE_OPS - SubComponent: netfx
[08/11/04,17:11:23] StateChanged() Original=1, Current=0
[08/11/04,17:11:23] OnQueueFileOperations()
[08/11/04,17:11:23] Netfx is not set to install
[08/11/04,17:12:36] OC_QUERY_STATE - SubComponent: netfx
[08/11/04,17:12:36] OnQueryState()
[08/11/04,17:12:36] Called with OCSELSTATETYPE_FINAL ... will set subcomponent registry flag.
[08/11/04,17:12:36] Netfx is not set to install
[08/11/04,17:12:36] OnQueryState(),Return Value is 2
[10/05/05,19:26:45] ********************************************************************************
[10/05/05,19:26:45] CUrtOcmSetup()
[10/05/05,19:26:45] Installs NETFX component
[10/05/05,19:26:45] OS Edition is Neither Embedded Nor Server. Initially not marked for installation.
[10/05/05,19:26:45] OC_PREINITIALIZE - SubComponent: [10/05/05,19:26:45] OnPreInitialize(), charWidth = 3
[10/05/05,19:26:45] OC_INIT_COMPONENT - SubComponent: (null)
[10/05/05,19:26:45] InitializeComponent()
[10/05/05,19:26:45] OC_QUERY_STATE - SubComponent: netfx
[10/05/05,19:26:45] OnQueryState()
[10/05/05,19:26:45] Called with OCSELSTATETYPE_ORIGINAL ... determining if we were installed previously.
[10/05/05,19:26:45] OnQueryState(),Return Value is 0
[10/05/05,19:26:45] OC_CALC_DISK_SPACE - SubComponent: netfx
[10/05/05,19:26:45] OnCalculateDiskSpace(), adding = 1
[10/05/05,19:26:45] SetVariableDirs()
[10/05/05,19:26:45] OnCalculateDiskSpace(), adding size from section netfx_install
[10/05/05,19:26:45] OC_WIZARD_CREATED - SubComponent: (null)
[10/05/05,19:26:45] OnWizardCreated()
[10/05/05,19:26:45] OC_QUERY_STATE - SubComponent: netfx
[10/05/05,19:26:45] OnQueryState()
[10/05/05,19:26:45] Called with OCSELSTATETYPE_CURRENT.
[10/05/05,19:26:45] OnQueryState(),Return Value is 1
[10/05/05,19:26:45] OC_CALC_DISK_SPACE - SubComponent: netfx
[10/05/05,19:26:45] OnCalculateDiskSpace(), adding = 1
[10/05/05,19:26:45] OnCalculateDiskSpace(), adding size from section netfx_install
[10/05/05,19:26:46] OC_QUEUE_FILE_OPS - SubComponent: (null)
[10/05/05,19:26:46] OnQueueFileOperations was not called, since subcomponent is unknown
[10/05/05,19:26:46] OC_QUEUE_FILE_OPS - SubComponent: netfx
[10/05/05,19:26:46] StateChanged() Original=1, Current=0
[10/05/05,19:26:46] OnQueueFileOperations()
[10/05/05,19:26:46] Netfx is not set to install
[10/05/05,19:26:47] OC_QUERY_STATE - SubComponent: netfx
[10/05/05,19:26:47] OnQueryState()
[10/05/05,19:26:47] Called with OCSELSTATETYPE_FINAL ... will set subcomponent registry flag.
[10/05/05,19:26:47] Netfx is not set to install
[10/05/05,19:26:47] OnQueryState(),Return Value is 2
[10/12/05,20:22:44] ********************************************************************************
[10/12/05,20:22:44] CUrtOcmSetup()
[10/12/05,20:22:44] Installs NETFX component
[10/12/05,20:22:44] OS Edition is Neither Embedded Nor Server. Initially not marked for installation.
[10/12/05,20:22:44] OC_PREINITIALIZE - SubComponent: [10/12/05,20:22:44] OnPreInitialize(), charWidth = 3
[10/12/05,20:22:44] OC_INIT_COMPONENT - SubComponent: (null)
[10/12/05,20:22:44] InitializeComponent()
[10/12/05,20:22:44] OC_QUERY_STATE - SubComponent: netfx
[10/12/05,20:22:44] OnQueryState()
[10/12/05,20:22:44] Called with OCSELSTATETYPE_ORIGINAL ... determining if we were installed previously.
[10/12/05,20:22:44] OnQueryState(),Return Value is 0
[10/12/05,20:22:44] OC_CALC_DISK_SPACE - SubComponent: netfx
[10/12/05,20:22:44] OnCalculateDiskSpace(), adding = 1
[10/12/05,20:22:44] SetVariableDirs()
[10/12/05,20:22:44] OnCalculateDiskSpace(), adding size from section netfx_install
[10/12/05,20:22:45] OC_CLEANUP - SubComponent: (null)
[10/12/05,20:22:45] OnCleanup()
[10/12/05,20:22:52] ********************************************************************************
[10/12/05,20:22:52] CUrtOcmSetup()
[10/12/05,20:22:52] Installs NETFX component
[10/12/05,20:22:52] OS Edition is Neither Embedded Nor Server. Initially not marked for installation.
[10/12/05,20:22:52] OC_PREINITIALIZE - SubComponent: [10/12/05,20:22:52] OnPreInitialize(), charWidth = 3
[10/12/05,20:22:52] OC_INIT_COMPONENT - SubComponent: (null)
[10/12/05,20:22:52] InitializeComponent()
[10/12/05,20:22:52] OC_QUERY_STATE - SubComponent: netfx
[10/12/05,20:22:52] OnQueryState()
[10/12/05,20:22:52] Called with OCSELSTATETYPE_ORIGINAL ... determining if we were installed previously.
[10/12/05,20:22:52] OnQueryState(),Return Value is 0
[10/12/05,20:22:52] OC_CALC_DISK_SPACE - SubComponent: netfx
[10/12/05,20:22:52] OnCalculateDiskSpace(), adding = 1
[10/12/05,20:22:52] SetVariableDirs()
[10/12/05,20:22:52] OnCalculateDiskSpace(), adding size from section netfx_install
[10/12/05,20:22:53] OC_CLEANUP - SubComponent: (null)
[10/12/05,20:22:53] OnCleanup()
[10/12/05,20:39:29]
________________________________________________________________________________
_________________________
Here is part of a file called msgsocm.log:
Initialize setup: MSGROCM.DLL 08/11/04 17:07:28
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x0 0x0
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_WIZARD_CREATED] - complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_QUERY_CHANGE_SEL_STATE] - complete
[msmsgs - OC_CALC_DISK_SPACE] - complete
[msmsgs - OC_QUEUE_FILE_OPS] - complete
[msmsgs - OC_QUEUE_FILE_OPS] - complete
[msmsgs - OC_QUERY_STEP_COUNT] - complete
[msmsgs - OC_QUERY_STEP_COUNT] - complete
[msmsgs - OC_ABOUT_TO_COMMIT_QUEUE] - complete
[msmsgs - OC_ABOUT_TO_COMMIT_QUEUE] - complete
[msmsgs - OC_COMPLETE_INSTALLATION] - complete
[msmsgs - OC_COMPLETE_INSTALLATION] - complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
Initialize setup: MSGROCM.DLL 10/05/05 19:26:44
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x40007 0xbb8
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_WIZARD_CREATED] - complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_QUERY_CHANGE_SEL_STATE] - complete
[msmsgs - OC_CALC_DISK_SPACE] - complete
[msmsgs - OC_QUEUE_FILE_OPS] - complete
[msmsgs - OC_QUEUE_FILE_OPS] - complete
[msmsgs - OC_QUERY_STEP_COUNT] - complete
[msmsgs - OC_QUERY_STEP_COUNT] - complete
[msmsgs - OC_ABOUT_TO_COMMIT_QUEUE] - complete
[msmsgs - OC_ABOUT_TO_COMMIT_QUEUE] - complete
[msmsgs - OC_COMPLETE_INSTALLATION] - complete
[msmsgs - OC_COMPLETE_INSTALLATION] - complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
Initialize setup: MSGROCM.DLL 10/12/05 20:22:42
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x40007 0xbb9
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
Initialize setup: MSGROCM.DLL 10/12/05 20:22:52
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x40007 0xbb9
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
Initialize setup: MSGROCM.DLL 10/12/05 20:39:28
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x40007 0xbb9
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
Initialize setup: MSGROCM.DLL 10/12/05 20:39:35
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x40007 0xbb9
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
Initialize setup: MSGROCM.DLL 10/12/05 20:39:39
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x40007 0xbb9
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
Initialize setup: MSGROCM.DLL 10/12/05 20:39:44
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x40007 0xbb9
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
Initialize setup: MSGROCM.DLL 10/12/05 20:39:49
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x40007 0xbb9
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
Initialize setup: MSGROCM.DLL 10/12/05 20:39:54
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x40007 0xbb9
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
Initialize setup: MSGROCM.DLL 10/12/05 20:39:59
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x40007 0xbb9
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
Initialize setup: MSGROCM.DLL 10/12/05 20:40:04
[msmsgs - OC_PREINITIALIZE] - complete
[msmsgs - OC_INIT_COMPONENT]
[HigherVersionInstalled] :
InstalledVersion: 0x40007 0xbb9
VersionOnCD: 0x40007 0xbb8
- complete
[msmsgs - OC_QUERY_STATE] - complete
[msmsgs - OC_CLEANUP] - complete
-
Hi,
I've been browsing here for quite some time. I'm having a similar problem with popups. I would appreciate any help you can give! Here is my HJT log and Panda Scan log:
Logfile of HijackThis v1.99.1
Scan saved at 11:34:51 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\YacsMon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\All Users\Desktop\My Downloads\AVG\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel
PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program
Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader
8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
/minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\MAILFR~1\mantispm.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: YacsMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} -
C:\WINDOWS\system32\cachepal.exe
O9 - Extra 'Tools' menuitem: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} -
C:\WINDOWS\system32\cachepal.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) -
http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) -
http://www.installshield.com/install/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/...ab?112916630512
5
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdat....cab?1177621409
953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = robyco.com
O17 - HKLM\Software\..\Telephony: DomainName = robyco.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{53D0049E-F1EA-42EC-A153-8678F2D3A74A}: NameServer =
65.17.128.7,65.17.128.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2975A30-2DE3-41D0-90D1-BE186F844043}: NameServer =
65.17.128.7,65.17.128.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = robyco.com
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program
Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile
Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\guard.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program
Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation -
C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program
Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: WLANKEEPER - Intel
Strange File I Can't Delete
in Resolved Malware Removal Logs
Thanks Jean,
I did all of this. Seems to be helping with the speed. And I'm happy you found no malware. I really appreciate your advice.
I am still unable to delete the file for some reason. It's the strangest thing. Since it's not really malware...it's not the end of the world. It's just keeping me from removing an old user from the machine.
In the Documents and Settings folder, there are several users. Each user has a + by their name...since their folder contains sub-folders. But this one old user has no + by their name...indicating they have no sub-folders. But there IS one sub-folder...and it contains a sub-folder...etc...
I've never seen this before. If you have any other suggestions, please share. If you're stumped too...well it's not the end of the world.
Thanks again for all of your help.