Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - lildeuce05

Pages: [1]

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 23, 2006, 10:03:31 AM »

Sorry to have bothered you one last time. I just had downloaded so much and was unsure of what all to run and when to do it all. The only thing left to mention that I had previously mentioned is that I had ordered the SP2 on disk from Microsoft and they tell you to expect delivery in 4-6 weeks delivery. I got my disk yesterday in the mail. It took a week. That is just for future reference in your work.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' /> They sent me 2 copies go figure. Thanks again for all your efforts. Sorry to be such a pain.
Cindy

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 22, 2006, 11:44:50 PM »

Are you going to tell me like on the Spy Bot and Spy Blaster and Ad Aware and Ewido and if I re-download the Windows Cleanup....how often should I run these programs? I have the Firewall enabled in the SP2 do I need to do anything else? We decided I dont need anything additional. I just need to be careful not to find myself in this same shape again right. I have the AV running in the background. Any other suggestions?
Thank you
Cindy

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 22, 2006, 06:02:09 PM »

Hi!! Well, I got the SP2 downloaded and installed. Everything went great. The computer is running great. I did take the CleanUp off. Do you think we are done for now? Or do I need to run anything else? The DLL file did not seem to be affected in the SP2 download in any way. I guess we will let it go for some time and see what happens? Thank you so much for everything you have been so great!! I cant thank you enough. Talk to you soon.
Cindy

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 16, 2006, 11:28:35 PM »

Hi! I just wanted to give you an update. I did all the previous as instructed. But as you may know, I am still on dial up at my house. I did the update at Microsoft.com. Did all the reading and the scan indicated my computer was ready to install SP2. I made the download to 37% and it failed. So I ended up ordering the CD from the website. It indicates that it takes 4-6 weeks for delivery. So what I am going to do is uninstall my dial-up software and take the computer to my sister's house and put it on her DSL to do the download. The computer is running great. I wondered if I was making a mistake trying that as the download was so big. I did also do the defrag before I started all that..... and yes....I would like the link to the free firewall if you dont mind. As soon as I get the SP finished, I will again give you an update that everything is finished, downloaded, updated and running fine. Again, thank you for all your help. Couldnt have made it through all this without you. Your the best.
Cindy

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 14, 2006, 06:58:49 PM »

Thanks for your reply. I got all of that taken care of. I installed SpywareBlaster
I downloaded and installed Spybot with no problems. I do still have Ad-Aware and didnt have any problems with it when I downloaded and installed. Do you feel I should stick with the Avast Antivirus?

I also have questions on what I need to leave on this computer and what I need to get rid of in reference to all the clean up tools we used. Ewido,hijackthis,smitfraud,12mfix,Kaspersky etc? You will tell me when and what to ditch?

Also, about the firewall....hmmm. Are you talking about the XP firewall? Or should I download or buy something else? Can you recommend?

I do intend on downloading the SP2. I have been waiting for you to give me the A-OK.

Much Thanks,
Cindy

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 10, 2006, 03:59:31 AM »

Hi again...sorry about the delay....I work second shift. Yes, everything is definitely running better. After I deleted those 2 files you told me to in your next to last post. the nrsfx.exe and wcqibkzin.exe......I started getting pop-ups again. So I did a restart into regular mode. I did a search from the search menu and deleted them. Then I did a regedit and deleted them from the registry. I havent had another pop-up since. So I am assuming they are gone. But you know what happens when I assume.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' /> Anyway...I downloaded the wininet.dll file from the web after I googled it. The site was www.dll-files.com. Then I scanned the wininet file at jotti.org I have posted that report below. I will await your response. And again, thank you ever so much.
Cindy

WININET.DLL
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 9d3bf3efcd3470fbeca54dee9a3332b6

Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 09, 2006, 12:17:53 PM »

Hi...I deleted both the nrsfxc.exe and wcqibkzin.exe files successfully. I downloaded and installed the 12mfix and ran it successfully. I exported the DLL file. All is posted here for you. I did previously download the Smitrem but deleted it without ever running the fix as I believed I had downloaded the wrong one. I think this is it for now. I hope you didnt need a new hijackthis with this one. Let me know. Much thanks again.
Cindy

DLL file

Volume in drive C has no label.
Volume Serial Number is 8431-2E4C

Directory of C:\WINDOWS\$NtServicePackUninstall$

12/03/2001 04:55 PM 581,632 wininet.dll
1 File(s) 581,632 bytes

Directory of C:\WINDOWS\$NtUninstallKB912812-IE6SP1-20060322.182418$

01/21/2004 04:16 PM 588,288 wininet.dll
1 File(s) 588,288 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

08/29/2002 05:41 AM 599,040 wininet.dll
1 File(s) 599,040 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\bc2bb94b99deb6cd7b7cb182db7109cb\rtmgdr

02/24/2006 02:26 PM 575,488 wininet.dll
1 File(s) 575,488 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\bc2bb94b99deb6cd7b7cb182db7109cb\RTMQFE

02/24/2006 05:28 PM 586,752 wininet.dll
1 File(s) 586,752 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7a57263d52ef89a3cee46b33df8a0a10\backup

08/29/2002 05:41 AM 599,040 wininet.dll
1 File(s) 599,040 bytes

Directory of C:\WINDOWS\system

08/17/2001 10:34 PM 583,680 wininet.dll
1 File(s) 583,680 bytes

Directory of C:\WINDOWS\system32

02/24/2006 02:26 PM 575,488 WININET.DLL
1 File(s) 575,488 bytes

Directory of C:\WINDOWS\system32\dllcache

02/24/2006 02:26 PM 575,488 WININET.DLL
1 File(s) 575,488 bytes

Directory of C:\WINDOWS\WinSxS

08/17/2001 10:34 PM 583,680 wininet.dll
1 File(s) 583,680 bytes

12mfix

L2MFIX find log 032106
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,b3,31,61,a6,91,b1,03,4e,a3,1b,42,bb,90,7c,23,60,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,8a,b9,f3,84,1e,fa,8b,df,\
aa,01,fc,46,5e,9e,5f,f7,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,95,\
9a,e6,76,4e,6d,5c,7c,d2,45,4f,a0,9c,ec,4e,9a,20,00,00,00,8f,94,01,84,54,57,\
17,6f,70,e8,94,65,74,db,5b,78,2b,bd,1d,f0,ca,ca,cb,16,5f,d9,e8,13,a9,d3,ad,\
ab,14,00,00,00,a9,3c,4b,79,fd,04,e6,20,b7,ec,77,14,80,f0,65,cd,6a,f8,30,b5

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}"="Share-to-Web Upload Folder"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

********************************************************************************
**
HKEY ROOT CLASSIDS:
********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
dxtrans.dll Fri Feb 24 2006 2:24:10p A.... 192,512 188.00 K
iepeers.dll Fri Feb 24 2006 2:24:42p A.... 236,032 230.50 K
inetcomm.dll Mon Feb 27 2006 1:31:54p A.... 596,480 582.50 K
inetres.dll Mon Feb 27 2006 1:31:50p A.... 47,616 46.50 K
legitc~1.dll Mon Apr 10 2006 1:00:34p A.... 555,824 542.80 K
mshtml.dll Wed Mar 22 2006 5:35:42p A.... 2,702,336 2.57 M
msident.dll Mon Feb 27 2006 1:29:32p A.... 44,032 43.00 K
msoeacct.dll Mon Feb 27 2006 1:31:40p A.... 229,376 224.00 K
msoert2.dll Mon Feb 27 2006 1:31:36p A.... 91,136 89.00 K
mstime.dll Fri Mar 3 2006 3:13:30p A.... 498,176 486.50 K
shdocvw.dll Tue Mar 21 2006 3:14:12p A.... 1,339,392 1.28 M
shell32.dll Fri Mar 17 2006 12:04:14a A.... 8,351,232 7.96 M
spmsg.dll Mon Apr 10 2006 12:36:16p ..... 8,632 8.43 K
urlmon.dll Thu Mar 2 2006 3:57:48p A.... 461,312 450.50 K
wgalogon.dll Mon Apr 10 2006 1:00:30p ..... 144,688 141.30 K
wininet.dll Fri Feb 24 2006 2:26:08p A.... 575,488 562.00 K
wmp.dll Fri Mar 10 2006 6:09:14a A.... 5,533,696 5.28 M
xpsp2res.dll Tue Mar 21 2006 8:28:50p A.... 594,944 581.00 K

18 items found: 18 files, 0 directories.
Total of file sizes: 22,202,904 bytes 21.17 M
Locate .tmp files:

No matches found.
********************************************************************************
**
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 8431-2E4C

Directory of C:\WINDOWS\System32

04/09/2002 04:31 AM <DIR> Microsoft
0 File(s) 0 bytes
1 Dir(s) 8,818,077,696 bytes free

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 09, 2006, 04:38:49 AM »

Everything went ok this time, but I have to mention something to you. When I ran the Smitfraud, it did not prompt me to fix the wininet.dll file. I think the reason is because from the very beginning of all this mess....that was the very first thing that was wrong with this computer. Upon log on....I kept getting a Wininet.dll error. I could not access IE. So I went to "my" computer and did a google search and started reading about wininet errors. I found a website. I downloaded a new wininet.dll and reloaded it on this computer. So the original one "may" be infected. But as soon as I reloaded a good one. I stopped getting the errors and was then able to access IE and tada.....here I am today. Just thought you might need to know that in case they may be bumping into each other? Anyway...I warned you I may be dangerous. Below I will post a new hijackthis, Smitfraud and also Kaspersky log. Will await your response. Once again, thank you for your time...your the greatest.
Cindy

Logfile of HijackThis v1.99.1
Scan saved at 4:16:34 AM, on 5/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\PEOPLE~1\PropelAC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [va10key] C:\Program Files\Sony\10Key Utility\va10key.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\PropelAC.exe"
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: PowerPanel.lnk = ?
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146049973559
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146049914866
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DAA6935-B924-4C3E-B534-87D655B3711A}: NameServer = 66.90.133.117 66.90.130.10
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Smitfraud

SmitFraudFix v2.41

Scan done at 0:11:26.74, Tue 05/09/2006
Run from C:\Documents and Settings\cathy a musgrave\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\interf.tlb Deleted
C:\WINDOWS\system32\ncompat.tlb Deleted
C:\WINDOWS\system32\oleext.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

Kaspersky
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, May 09, 2006 4:14:50 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 9/05/2006
Kaspersky Anti-Virus database records: 192513
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   F:\
   G:\

Scan Statistics:
   Total number of scanned objects: 68653
   Number of viruses found: 11
   Number of infected objects: 64
   Number of suspicious objects: 0
   Duration of the scan process: 01:28:51

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP909\A0144440.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP909\A0144495.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP909\A0144500.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP913\A0144528.exe   Infected: not-a-virus:AdWare.Win32.BetterInternet.bd   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0144544.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0144555.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0144559.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0144561.exe   Infected: not-a-virus:AdWare.Win32.BetterInternet.bd   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0144568.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0144573.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0144579.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0144582.exe   Infected: not-a-virus:AdWare.Win32.BetterInternet.bd   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145576.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145581.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145583.exe   Infected: not-a-virus:AdWare.Win32.BetterInternet.bd   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145602.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145603.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145614.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145620.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145638.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145642.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145647.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145750.exe   Infected: Trojan.Win32.Small.ev   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145754.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145760.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145765.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145771.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145776.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145782.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145790.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145794.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145803.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP914\A0145808.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0145922.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0145937.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0145942.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0145951.exe   Infected: not-a-virus:AdWare.Win32.BetterInternet.bd   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146023.vxd/C:/WINDOWS/System32/exdl.exe   Infected: not-a-virus:AdWare.Win32.BargainBuddy.n   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146023.vxd/C:/WINDOWS/System32/mqexdlm.srg   Infected: not-a-virus:AdWare.Win32.BargainBuddy.n   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146023.vxd/C:/WINDOWS/System32/exul.exe   Infected: not-a-virus:AdWare.Win32.BargainBuddy.q   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146023.vxd/C:/WINDOWS/System32/javexulm.vxd   Infected: not-a-virus:AdWare.Win32.BargainBuddy.q   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146023.vxd   ZIP: infected - 4   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146031.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146032.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146037.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146045.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146050.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146053.dll   Infected: Trojan.Win32.Agent.ic   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146054.exe   Infected: not-a-virus:AdWare.Win32.BetterInternet.b   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146059.exe   Infected: not-a-virus:AdWare.Win32.BetterInternet.bd   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146069.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146074.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146081.exe   Infected: Trojan-Downloader.Win32.Zlob.lu   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146082.exe   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0146088.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0147084.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0147095.exe   Infected: not-a-virus:AdWare.Win32.BetterInternet.b   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0147097.dll   Infected: Trojan.Win32.Agent.ic   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP927\A0147098.exe   Infected: Trojan.Win32.Agent.ay   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP947\A0147509.dll   Infected: not-a-virus:AdWare.Win32.ActivShopper.d   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP952\A0149853.tlb   Infected: Trojan-Downloader.Win32.Zlob.lt   skipped
C:\System Volume Information\_restore{BCAAB780-93BC-4A83-A237-9894871B718F}\RP952\A0149855.dll   Infected: Trojan.Win32.Small.ev   skipped
C:\WINDOWS\nrsfxc.exe   Infected: not-a-virus:AdWare.Win32.BetterInternet.ai   skipped
C:\WINDOWS\wcqibkzin.exe   Infected: not-a-virus:AdWare.Win32.BetterInternet.bd   skipped

Scan process completed.

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 08, 2006, 10:56:03 PM »

Here you go....I finally got it to take. <sighs> I hope everything is right. I have the Smitfraud and the new Hijackthis log. Thank you again for all your help.
Cindy

Logfile of HijackThis v1.99.1
Scan saved at 10:47:19 PM, on 5/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\PEOPLE~1\PropelAC.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WinZip\winzip32.exe
C:\WinZip\winzip32.exe
C:\WinZip\winzip32.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [va10key] C:\Program Files\Sony\10Key Utility\va10key.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\PropelAC.exe"
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: PowerPanel.lnk = ?
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146049973559
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146049914866
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

SmitFraud

SmitFraudFix v2.41

Scan done at 22:38:58.89, Mon 05/08/2006
Run from C:\Documents and Settings\cathy a musgrave\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\interf.tlb FOUND !
C:\WINDOWS\system32\ncompat.tlb FOUND !
C:\WINDOWS\system32\oleext.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\cathy a musgrave\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CATHYA~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}"="XenaDot Software"

[HKEY_CLASSES_ROOT\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}\InProcServer32]
@="C:\WINDOWS\System32\xenadot.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}\InProcServer32]
@="C:\WINDOWS\System32\xenadot.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 08, 2006, 08:16:36 PM »

Well....whewwwwwwwwww....I was finally able to load Ewido from one computer to the next. I got it installed. First I went in and uninstalled all the previous trys that I had made. I dont really understand...but you might...I did a search for Ewido files and it had many listed as "prefetch" files. Make sense to you? Anyway I did a complete uninstall, then did the search, deleted all I could find and then emptied my trash bin, rebooted and then loaded my clean copy. It loaded right up and I followed your previous instructions. Included is the results. I was unsure if you wanted a new hijackthis log. Just let me know, I will be on for a while tonite. I will await your reponse, and once again, thank you soooo very much for all your help.
Cindy
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

e w i d o a n t i - m a l w a r e - S c a n r e p o r t

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

+ C r e a t e d o n :             7 : 4 9 : 1 1 P M , 5 / 8 / 2 0 0 6

+ R e p o r t - C h e c k s u m :         B C 4 B 6 E E 7

+ S c a n r e s u l t :

     H K L M \ S O F T W A R E \ C l a s s e s \ C L S I D \ { 3 D 7 8 2 B B 3 - F 2 A 5 - 1 1 D 3 - B F 4 C - 0 0 0 0 0 0 0 0 0 0 0 0 } - > A d w a r e . A c t i v S h o p p e r : C l e a n e d w i t h b a c k u p

     H K L M \ S O F T W A R E \ C l a s s e s \ C L S I D \ { 7 F D 4 4 5 3 6 - 9 D F 0 - 4 0 3 4 - 9 3 9 F - 5 B D 4 D 9 8 E 3 1 8 7 } - > A d w a r e . G e n e r i c : C l e a n e d w i t h b a c k u p

     H K L M \ S O F T W A R E \ C l a s s e s \ C L S I D \ { F 5 D E 8 A D B - 4 A 6 9 - 4 e 5 6 - 9 6 A B - 8 2 3 1 7 1 C 8 E 9 D 8 } - > A d w a r e . G e n e r i c : C l e a n e d w i t h b a c k u p

     C : \ W I N D O W S \ d s r . d l l - > A d w a r e . B e t t e r I n t e r n e t : C l e a n e d w i t h b a c k u p

     C : \ W I N D O W S \ d s r . e x e - > T r o j a n . I m i s e r v . c : C l e a n e d w i t h b a c k u p

: : R e p o r t E n d

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 05, 2006, 02:26:16 PM »

Thank you once again for your help. I have good news and bad. Which do you want first? I did the fixes on the hijackthis. I posted up a fresh scan included in this post. I did the Windows CleanUp and that went just fine. When it came to Ewido..I tried everything to download it. Nothing worked. I tried your link and tried going to their webside directly. I kept getting the same error. NSIS Error. "The installer is corrupted or incomplete. This could be the result of a damaged disk, a failed download, or a virus." It would begin the download and do about 10 or 15% and then zip to the end of the download. It would create the icon like it was complete but when I click it, it would give me the error msg. Sooo...needless to say, I have no Ewido. I have no rapport.txt file. When I open notepad from Run....it is blank. So whats next? I still think IE is somewhat unstable as it still gives me "page cannot be found" messages all the time, I have to reboot to get a good browser all the time.

Logfile of HijackThis v1.99.1
Scan saved at 1:08:31 PM, on 5/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\PROGRA~1\PEOPLE~1\PropelAC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [va10key] C:\Program Files\Sony\10Key Utility\va10key.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\PropelAC.exe"
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: PowerPanel.lnk = ?
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146049973559
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146049914866
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DAA6935-B924-4C3E-B534-87D655B3711A}: NameServer = 66.90.133.117 66.90.130.10
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 04, 2006, 10:30:25 AM »

ok....I did as you said and it flashes a screen at me faster than I can read it. So either there is nothing there....or its being used by another process. I did disable the antivirus. BTW...I did get my browser window back and I have no more pop ups so far...

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 04, 2006, 03:36:28 AM »

Thank you again very much for your help. I did the Ad-Aware with the VX2 plug-in and all went fine. I ran a new hijackthis log which I will include. I do have to tell you that between my first post and this one, I downloaded from some of your previous post links the Avast Antivirus software and got rid of some of the junk in my trunk. I will not do that again without instruction from you. The only think I did have a problem with was the smitfraudfix. I have it downloaded, but when I doubleclicked on .cmd.....a box opened that said Process.exe is missing. Press any key to continue. When I did that, another box opened. Windows Script Host Error, MS VBScript Compilation error #800A0400. At the bottom of your post there was a link to another website, but there wasnt really an instruction with it. Did you want me to do something with that? I went there and looked, but was unsure so did nothing. Once again, thank you for all your help......sorry to be a pain.
Cindy

Logfile of HijackThis v1.99.1
Scan saved at 2:17:44 AM, on 5/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\PEOPLE~1\PropelAC.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\System32\hpA121.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [va10key] C:\Program Files\Sony\10Key Utility\va10key.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\PropelAC.exe"
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: PowerPanel.lnk = ?
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaver...st/twophase.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146049973559
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146049914866
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DAA6935-B924-4C3E-B534-87D655B3711A}: NameServer = 66.90.133.117 66.90.130.10
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Tech Clinic / OK....I got a sick one....I need some help please.

« on: May 03, 2006, 02:21:45 AM »

I finally was able to get Hijack This downloaded after two days. I have a current scan. I finally got my wallpaper back tonite after reading your forums and trying many of your fixes. Most of the downloads I try get interupted and are unable to finish. I have pop ups and the about blank browser. This is my sister's laptop, I am only a little dangerous...she is a lot dangerous. Can you help me? Right now, I have already downloaded the Windows CleanUp 4.0 and SmitRem.exe from your other posts. I have been unable to get a clean download on Ewido. Here is my HijackThis Scan... Thanks in Advance...
Cindy

Logfile of HijackThis v1.99.1
Scan saved at 2:06:51 AM, on 5/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\phggof.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\PROGRA~1\PEOPLE~1\PropelAC.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\ISP50\bin\ppshared.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ISP50\Bin\Bartshel.exe
C:\PROGRA~1\ISP50\dialer\DIALER.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\cathy a musgrave\Local Settings\Temporary Internet Files\Content.IE5\OV861TFJ\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\System32\hpA095.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [va10key] C:\Program Files\Sony\10Key Utility\va10key.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION
O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\PropelAC.exe"
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [fnotby] C:\WINDOWS\System32\phggof.exe r
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: PowerPanel.lnk = ?
O4 - Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://download.richfx.com/player/mediaver...st/twophase.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146049973559
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146049914866
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DAA6935-B924-4C3E-B534-87D655B3711A}: NameServer = 66.90.133.117 66.90.130.10
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - lildeuce05

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.

Tech Clinic / OK....I got a sick one....I need some help please.