TheTechGuide Forum

General Category => Tech Clinic => Topic started by: tim baker on October 06, 2006, 12:37:05 PM

Title: Really need help
Post by: tim baker on October 06, 2006, 12:37:05 PM: Ok im working on my brothers computer, and ive done just about everything i could think of and cant really get it fixed properly. Ive used spybot adaware se, ewildo/AVG-antispyware. They say everything clean but still not running properly. Also when i try using ccleaner, and tuneup utilities 2006, when i go to fix issues and stuff, i reboot and come back the same issues and stuff are there again (its like its not savings nothing when it fixes the errors.) Also tryed installing avg anti-virus and i keep getting an error and it just closing. Right now i dont have a current anti virus, but i really want to try and get avg running. If i cant ill get avast or something. Also i cant do a format, because there person who built his PC didnt give him an recovery disks or the xp home cd. So formating or recoverys are out of the question, and i have to rely one whatever program are out there that can help. Can anyone plz help me.

I have to work 2morrow so ill probably next be on in the afternoon sometime. I will also post a hijackthis log when i can 2morrow just to be on the safe side with cyber saftey to.

Anyhelp is greatly appreiciated.
Title: Really need help
Post by: guestolo on October 06, 2006, 10:21:49 PM: From my signature below, download and save too a permanent folder of it's own onto your harddrive
Hijackthis 1.99.1
Open Hijackthis.exe

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important
Title: Really need help
Post by: tim baker on October 06, 2006, 10:36:52 PM: Logfile of HijackThis v1.99.1
Scan saved at 11:36:31 PM, on 10/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1145397178\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ryan\My Documents\HJT\hijackthis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "ryan"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (http://\"http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Title: Really need help
Post by: guestolo on October 06, 2006, 10:51:37 PM: Nothing that bad, just some leftovers
But let's make sure it's all good

==Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\") and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log it produces
Title: Really need help
Post by: tim baker on October 06, 2006, 10:59:52 PM: heres the combofix log..

ryan - 06-10-06 23:57:18.59 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\ryan\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))

2006-10-06   17:14   15,360   --a------   C:\WINDOWS\system32\drivers\sshrmd.sys
2006-10-06   17:14   14,848   --a------   C:\WINDOWS\system32\drivers\sskbfd.sys
2006-10-06   17:14   13,824   --a------   C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-10-06   17:14   117,248   --a------   C:\WINDOWS\system32\drivers\ssidrv.sys
2006-10-06   17:02   724,992   --a------   C:\WINDOWS\iun6002.exe
2006-10-06   14:47   1,082,368   --a------   C:\WINDOWS\system32\esent.dll
2006-10-06   10:44   778,656   --a------   C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-06   10:44   4,992   --a------   C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-06   10:44   4,288   --a------   C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-06   10:44   27,904   --a------   C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-06   10:44   23,104   --a------   C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-06   10:31   18,432   --a------   C:\WINDOWS\system32\secedit.exe
2006-10-05   21:22   3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-05   20:16   24,072   --a------   C:\WINDOWS\system32\uxtuneup.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-06 17:14   --------   d--------   C:\Documents and Settings\ryan\Application Data\Webroot
2006-10-05 20:15   --------   d--------   C:\Program Files\TuneUp Utilities 2006
2006-09-03 19:46   --------   d--------   C:\Program Files\Shockwave.com
2006-08-30 20:07   --------   d--------   C:\Program Files\LocalAutorun
2006-08-28 18:39   --------   d--------   C:\Program Files\Headgames
2006-08-21 08:21   16896   --a------   C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14   23040   --a------   C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14   128896   ---------   C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-22 13:24   24   --a------   C:\BSTONE.BAT
2006-07-21 04:24   72704   --a------   C:\WINDOWS\system32\hlink.dll
2006-07-02 23:44   2266   --a------   C:\Documents and Settings\ryan\Application Data\AdobeDLM.log

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]
"washindex"="C:\\Program Files\\Cookie Washer\\washidx.exe \"ryan\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\EPSON Status Monitor 3 Environment Check 2.lnk"
"backup"="C:\\WINDOWS\\pss\\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_SRCV02.EXE "
"item"="EPSON Status Monitor 3 Environment Check 2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\A Verizon App]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VERIZO~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\VERIZO~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Cmaudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmicnfg"
"hkey"="HKLM"
"command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cxpqRkGEU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oskngine"
"hkey"="HKCU"
"command"="oskngine.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DW4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DesktopWeather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1145397178\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Ink Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InkMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\EPSON\\Ink Monitor\\InkMonitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SiS Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sistray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\sistray.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SiS Windows KeyHook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="keyhook"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\keyhook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SiSUSBRG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SiSUSBrg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SiSUSBrg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\t66k3qi]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="powrov"
"hkey"="HKLM"
"command"="powrov.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VerizonServicepoint.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VerizonServicepoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Verizon\\Servicepoint\\VerizonServicepoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"AVG Anti-Spyware Guard"=dword:00000002
"IDriverT"=dword:00000003
"EPSONStatusAgent2"=dword:00000002
"dvpapi"=dword:00000002
"Adobe LM Service"=dword:00000003

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

Completion time: Fri 10/06/2006 23:57:55.46
ComboFix.txt

also something i forgot to add... i got avg running on here, after a tip from a friend about using dial a fix. And it seemed to do the trick. I guess a repaired the permissions and it worked.
Title: Really need help
Post by: guestolo on October 06, 2006, 11:13:58 PM: It doesn't help that you disable entries with a startup manager
Please go to START>>RUN
type in
msconfig

Under the Services tab
Click Enable All
Under the Startup tab>>Enable all

Under the General tab, select Normal startup
APPLY>>CLOSE
Restart the computer at the prompt

Back in windows, post a fresh hijackthis log

Please leave everything enabled till we are sure your log is clean please
Title: Really need help
Post by: tim baker on October 06, 2006, 11:27:31 PM: I figured u might want me to run combofix thing again so i included that to.

Logfile of HijackThis v1.99.1
Scan saved at 12:24:12 AM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1145397178\ee\AOLSoftware.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\ryan\My Documents\HJT\hijackthis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [t66k3qi] powrov.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145397178\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "ryan"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [cxpqRkGEU] oskngine.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (http://\"http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

---------------------------------------------------------------------------------------------------------------------
ryan - 06-10-07 0:26:20.37 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\ryan\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))

2006-10-06   17:14   15,360   --a------   C:\WINDOWS\system32\drivers\sshrmd.sys
2006-10-06   17:14   14,848   --a------   C:\WINDOWS\system32\drivers\sskbfd.sys
2006-10-06   17:14   13,824   --a------   C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-10-06   17:14   117,248   --a------   C:\WINDOWS\system32\drivers\ssidrv.sys
2006-10-06   17:02   724,992   --a------   C:\WINDOWS\iun6002.exe
2006-10-06   14:47   1,082,368   --a------   C:\WINDOWS\system32\esent.dll
2006-10-06   10:44   778,656   --a------   C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-06   10:44   4,992   --a------   C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-06   10:44   4,288   --a------   C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-06   10:44   27,904   --a------   C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-06   10:44   23,104   --a------   C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-06   10:31   18,432   --a------   C:\WINDOWS\system32\secedit.exe
2006-10-05   21:22   3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-05   20:16   24,072   --a------   C:\WINDOWS\system32\uxtuneup.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-06 17:14   --------   d--------   C:\Documents and Settings\ryan\Application Data\Webroot
2006-10-05 20:15   --------   d--------   C:\Program Files\TuneUp Utilities 2006
2006-09-03 19:46   --------   d--------   C:\Program Files\Shockwave.com
2006-08-30 20:07   --------   d--------   C:\Program Files\LocalAutorun
2006-08-28 18:39   --------   d--------   C:\Program Files\Headgames
2006-08-21 08:21   16896   --a------   C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14   23040   --a------   C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14   128896   ---------   C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-22 13:24   24   --a------   C:\BSTONE.BAT
2006-07-21 04:24   72704   --a------   C:\WINDOWS\system32\hlink.dll
2006-07-02 23:44   2266   --a------   C:\Documents and Settings\ryan\Application Data\AdobeDLM.log

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"cxpqRkGEU"="oskngine.exe"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"VerizonServicepoint.exe"="C:\\Program Files\\Verizon\\Servicepoint\\VerizonServicepoint.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"t66k3qi"="powrov.exe"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SiS Windows KeyHook"="C:\\WINDOWS\\System32\\keyhook.exe"
"SiS Tray"="C:\\WINDOWS\\System32\\sistray.EXE"
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\SMARTB~1\\MotiveSB.exe"
"Logitech Utility"="Logi_MwX.Exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"Ink Monitor"="C:\\Program Files\\EPSON\\Ink Monitor\\InkMonitor.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1145397178\\ee\\AOLSoftware.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"A Verizon App"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\VERIZO~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservicesonce]
"washindex"="C:\\Program Files\\Cookie Washer\\washidx.exe \"ryan\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

Completion time: Sat 10/07/2006 0:27:07.04
ComboFix2.txt
ComboFix.txt
Title: Really need help
Post by: guestolo on October 06, 2006, 11:52:06 PM: Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKLM\..\Run: [t66k3qi] powrov.exe
O4 - HKCU\..\Run: [cxpqRkGEU] oskngine.exe

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer
NOTE: IF you get a prompt from SpySweeper about any changes we are making
ALLOW them so it won't interfer with any fixes

Back in Windows
Can I see the following please
Post a fresh hijackthis log

Also, post the following
Download and save too desktop
F-Secure Blacklight(blbeta.exe) (http://\"https://europe.f-secure.com/exclude/blacklight/blbeta.exe\")

Double click to run blbeta.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".

With that log
Also
Download GMER from here:
http://www.gmer.net/gmer.zip (http://\"http://www.gmer.net/gmer.zip\")

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ï¿½Show All
Ensure Show All IS NOT selected
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
Title: Really need help
Post by: tim baker on October 07, 2006, 12:23:55 AM: hijackthis log, blbeta, and gmer logs in that order(not sure if i did the blbeta one right but..)

Logfile of HijackThis v1.99.1
Scan saved at 1:23:34 AM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1145397178\ee\AOLSoftware.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ryan\My Documents\HJT\hijackthis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145397178\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "ryan"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (http://\"http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

10/07/06 01:07:33 [Info]: BlackLight Engine 1.0.47 initialized
10/07/06 01:07:33 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/07/06 01:07:41 [Note]: 7019 4
10/07/06 01:07:41 [Note]: 7005 0
10/07/06 01:09:25 [Note]: 7006 0
10/07/06 01:09:25 [Note]: 7011 1456
10/07/06 01:09:25 [Note]: 7026 0
10/07/06 01:09:25 [Note]: 7026 0
10/07/06 01:09:49 [Note]: FSRAW library version 1.7.1020
10/07/06 01:10:06 [Note]: 2000 1012
10/07/06 01:10:31 [Note]: 7007 0

GMER 1.0.11.11390 - http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit 2006-10-07 01:22:34
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.11 ----

SSDT 81ABE1D0 ZwAllocateVirtualMemory
SSDT 81AD2C60 ZwCreateKey
SSDT 81ABE6F8 ZwCreateProcess
SSDT 81ABE680 ZwCreateProcessEx
SSDT 81ABE4A0 ZwCreateThread
SSDT 81B09D00 ZwDeleteKey
SSDT 81ABE770 ZwDeleteValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 81ABE248 ZwQueueApcThread
SSDT 81ABD020 ZwReadVirtualMemory
SSDT 81AC4148 ZwRenameKey
SSDT 81ABE338 ZwSetContextThread
SSDT 81ABE860 ZwSetInformationKey
SSDT 81ABE590 ZwSetInformationProcess
SSDT 81ABE3B0 ZwSetInformationThread
SSDT 81ABE7E8 ZwSetValueKey
SSDT 81ABE518 ZwSuspendProcess
SSDT 81ABE2C0 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 81ABE428 ZwTerminateThread
SSDT 81ABE158 ZwWriteVirtualMemory

Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwClose
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwCreateSection
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwSetInformationFile
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwWriteFile
Code \SystemRoot\system32\DRIVERS\css-dvp.sys IoCreateFile
Code \SystemRoot\system32\DRIVERS\css-dvp.sys NtClose
Code \SystemRoot\system32\DRIVERS\css-dvp.sys NtCreateSection
Code \SystemRoot\system32\DRIVERS\css-dvp.sys NtSetInformationFile
Code \SystemRoot\system32\DRIVERS\css-dvp.sys NtWriteFile

---- Devices - GMER 1.0.11 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE FFA0E1C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE FFA10120
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 819DF1C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 819A51E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 819E1120
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 819F81C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION FFA36120
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA FFA191C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 819831C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 819821E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION FFA0B1C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION FFA071C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL FFA081C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL FFA1D1C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL FFA331C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [FB07485A] avgtdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN FFA4F1C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL FFA251C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP FFA2E1C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT FFA4B120
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY FFA3C120
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY FFA011C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER FFA691C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL FFA6B120
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE FFA51120
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA FFA5C1C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA FFA5D1C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP FFA3B120
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE FFA0E1C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE FFA10120
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 819DF1C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 819A51E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 819E1120
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 819F81C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION FFA36120
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA FFA191C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 819831C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 819821E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION FFA0B1C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION FFA071C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL FFA081C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL FFA1D1C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL FFA331C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [FB07485A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN FFA4F1C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL FFA251C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP FFA2E1C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT FFA4B120
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY FFA3C120
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY FFA011C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER FFA691C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL FFA6B120
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE FFA51120
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA FFA5C1C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA FFA5D1C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP FFA3B120
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE FFA0E1C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE FFA10120
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 819DF1C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 819A51E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 819E1120
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 819F81C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION FFA36120
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA FFA191C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 819831C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 819821E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION FFA0B1C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION FFA071C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL FFA081C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL FFA1D1C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL FFA331C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [FB07485A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN FFA4F1C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL FFA251C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP FFA2E1C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT FFA4B120
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY FFA3C120
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY FFA011C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER FFA691C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL FFA6B120
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE FFA51120
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA FFA5C1C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA FFA5D1C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP FFA3B120
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE FFA0E1C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE FFA10120
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 819DF1C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 819A51E8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 819E1120
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 819F81C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION FFA36120
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA FFA191C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 819831C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 819821E8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION FFA0B1C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION FFA071C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL FFA081C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL FFA1D1C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL FFA331C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [FB07485A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN FFA4F1C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL FFA251C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP FFA2E1C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT FFA4B120
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY FFA3C120
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY FFA011C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER FFA691C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL FFA6B120
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE FFA51120
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA FFA5C1C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA FFA5D1C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP FFA3B120
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE FFA0E1C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE FFA10120
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE 819DF1C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 819A51E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 819E1120
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 819F81C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION FFA36120
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA FFA191C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA 819831C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 819821E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION FFA0B1C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION FFA071C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL FFA081C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL FFA1D1C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL FFA331C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [FB07485A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN FFA4F1C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL FFA251C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP FFA2E1C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT FFA4B120
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY FFA3C120
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY FFA011C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER FFA691C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL FFA6B120
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE FFA51120
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA FFA5C1C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA FFA5D1C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP FFA3B120

---- EOF - GMER 1.0.11 ----
Title: Really need help
Post by: guestolo on October 07, 2006, 09:28:20 AM: Logs look good
If you find these files can you delete them
Do a search for them
powrov.exe
oskngine.exe

Do you know what this is related too?
C:\BSTONE.BAT
If unsure, can you right click on BStone.bat and select edit and post the contents

One file I seen in combofix
C:\WINDOWS\iun6002.exe
Can you supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Title: Really need help
Post by: tim baker on October 07, 2006, 10:16:51 AM: ok alot of stuff in here im not sure what it is. i know the verison stuff is for his DSL. Other then that im not totally sure on whats good and bad, i know he told me to leave the game big game hunter on there, but thats all i really know about half the stuff on here.

Also i think bstone was sometype of game or something, not positive, heres the results of what it said,
@echo off
bs_aog %1 %2 %3 %4 %5 %6 %7
if not errorlevel == 1 goto exit
jamerr -fbs_aog.err
:exit

but in the install file it says this,
ProgramName=Blake Stone: Aliens of Gold
DefaultDir=\BSTONE
ConfigCmd=SETBLAST
RunCmd=BSTONE
DiskSpace=8200000

im not sure, but heres the uninstall this, (also i think i need to do a windows update but i havnt gotten around to that yet because i wanted to fix it totally up first.

Ad-Aware SE Personal
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Ares 1.9.0
AVG Anti-Spyware 7.5
AVG Free Edition
Big Game Hunter
CCleaner (remove only)
CleanUp!
C-Media 3D Audio
C-Media WDM Audio Driver
EPSON Printer Software
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
IBM ViaVoice TTS Runtime v6.404 - US English
Ink Monitor
J2SE Runtime Environment 5.0 Update 9
Lavasoft VX2 Cleaner
Logitech MouseWare 9.79
Logitech Resource Center
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Money 2002
Mozilla Firefox (1.5)
My DSC
Panda ActiveScan
RealPlayer
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB925486)
Shockwave
SiS 661FX_760_741_M661FX_M760_M741
Spy Sweeper
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
The Weather Channel Desktop
TuneUp Utilities 2006
Universal Media Player
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB MassStorage CardReader
Verizon Online DSL
Verizon Online Help & Support
Verizon PC Security Checkup
Verizon Quick Support
Verizon Servicepoint 1.3.21
Viewpoint Media Player
Weather Services
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Yahoo! Anti-Spy
Yahoo! Messenger
Yahoo! Toolbar
Title: Really need help
Post by: guestolo on October 07, 2006, 10:37:01 AM: Nothing that bad in there
This one gets installed unknowing many time with AOL
Viewpoint Media Player
You can remove it from add/remove programs
Did he intentionally install Yahoo toolbar and Yahoo AntiSpy?

It may of been unintentionally installed when installing CCleaner
You can remove them if unintentionally installed

How's everything running?
Title: Really need help
Post by: tim baker on October 07, 2006, 10:41:13 AM: actually its running pretty good. For some reason its got its memory back /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' /> , and saves things like a normal computer would. Thanks for all the help, By the way before i forget, i think he's missing quite a few xp home files, and without a disk i really cant install them on here. i swore i seen before u postd xp files home and professional, it was like blueish icon, i downloaded it once and ran it on my computer and it worked great on my computer, is there anyway u can post that file..
Title: Really need help
Post by: guestolo on October 07, 2006, 10:47:33 AM: Forgot about that file
C:\WINDOWS\iun6002.exe

Can you right click on it and select properties
Do you know what it's related too?

Also, Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

It's related too an older update of sun java

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

We're posting at the same time /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

Quote
i think he's missing quite a few xp home files

Do you mean these files?
http://www.tech-forums.net/computer/topic/29806.html (http://\"http://www.tech-forums.net/computer/topic/29806.html\")
Title: Really need help
Post by: tim baker on October 07, 2006, 10:53:10 AM: nope i have no clue what that file is, when i went into properties it has a company name and url here they are.

http://www.indigorose.com (http://\"http://www.indigorose.com\")
Indigo Rose Corporation
(whatever this means no clue what they are)

Also when i went to remove the java thing, i couldn't find it /sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> Here hjt log

Logfile of HijackThis v1.99.1
Scan saved at 11:51:22 AM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1145397178\ee\AOLSoftware.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ryan\My Documents\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aldelphia.com/ (http://\"http://aldelphia.com/\")
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145397178\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "ryan"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (http://\"http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

And yep thoughs are the file /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Title: Really need help
Post by: guestolo on October 07, 2006, 11:12:03 AM: The file is OK

You can delete the following that we used to do scans
Combofix.exe on desktop
Blbeta.exe and the log it produced
Gmer.zip and Gmer.exe on desktop

Folder
C:\Qoobox
The following files
C:\Combofix.txt
C:\Windows\gmer.dll
C:\Windows\gmer.exe
C:\Windows\gmer.ini
C:\Windows\System32\Drivers\gmer.sys

C:\Windows\Prefetch\gmer.exe
C:\Windows\Prefetch\blbeta.exe
You can actually delete the whole contents of the Prefetch folder
This will cause a slight delay on boottime startup
But this will increase as the prefetch folder is rebuilt

Do a "System scan only" with Hijackthis and put a check next to these entries:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer one more time

You can go back and use msconfig to control startup entries
Or leave msconfig alone and use a small tool such as
http://members.lycos.co.uk/codestuff/ (http://\"http://members.lycos.co.uk/codestuff/\")

Hope that helps /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

P.S. If you haven't done a Disk Defragment on the computer
You may want to add that to the cleanup procedure after you get all latest high priority Windows updates
Don't forget to set Updates to Automatic
Or if you manually search for updates, they usually come out the second Tuesday of every month
So the next ones are very soon
Title: Really need help
Post by: tim baker on October 07, 2006, 11:18:55 AM: thank you!
Title: Really need help
Post by: guestolo on October 07, 2006, 11:38:47 AM: Your welcome, glad to help
I'll lock this topic as your problems appear resolved
Take care /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />