Author Topic: Spyware infection and comp is lagging (Read 2471 times)

Athrin · « **on:** January 12, 2006, 02:32:38 PM »

I had a spyware infection yesterday and i think i got rid of some of it but i also think some of it is still here. So guestolo, if you could help me, i'd appreciate it

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/happy.gif\' class=\'bbc_emoticon\' alt=\'^_^\' /> Here is my hijackthis login.

Logfile of HijackThis v1.99.1
Scan saved at 2:26:32 PM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\avant.exe
C:\Documents and Settings\CYNTHIA\My Documents\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - (no file)
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: SDWin32 Class - {6B65F460-D1B5-4E04-9A75-762DA0F81072} - C:\WINDOWS\System32\knjvl.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [strtas] l074.exe
O4 - HKLM\..\RunServices: [strtas] l074.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [strtas] l074.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AD Black List - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\Search.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132988461531
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

guestolo · « **Reply #1 on:** January 12, 2006, 06:39:48 PM »

Can you do the following please
Open Hijackthis>>Open Misc tools section>>Open Uninstall manager
Click the SAVE LIST button
Save this list too desktop then copy and paste back here the whole contents

Athrin · « **Reply #2 on:** January 12, 2006, 06:51:09 PM »

k, here are the results

1TabView
Ad-Aware SE Personal
AOL Instant Messenger
Avant Browser (remove only)
AVG Free Edition
DAO
Diablo II
Direct Show Ogg Vorbis Filter (remove only)
HijackThis 1.99.1
Lexmark Z600 Series
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Makaha v6.1
Matroska Pack - Lazy Man's MKV 0.9.7
Microsoft Office 2000 Premium
MSN Music Assistant
Search Basket
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Snes9x
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Win-dh
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

guestolo · « **Reply #3 on:** January 12, 2006, 07:15:52 PM »

Could you do the following please

==Download and Install
Windows Cleanup! 4.0
Don't run it yet

==Download and save too your desktop
AimFix.exe by JayLoden
Don't run it yet

==Download CWShredder.exe and save to your desktop

==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

==Double click to open CWShredder.exe
Select the FIX button, let it run a scan, when it's done
Exit please

==Double click to run Aimfix.exe
Follow the prompts
Exit when it's done

====Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections

Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

Stay in safe mode
Do a "System scan only" with Hijackthis and put a check next to these entries:
Not all may exist, but tick what you see from below

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - (no file)
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: SDWin32 Class - {6B65F460-D1B5-4E04-9A75-762DA0F81072} - C:\WINDOWS\System32\knjvl.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O4 - HKLM\..\Run: [strtas] l074.exe
O4 - HKLM\..\RunServices: [strtas] l074.exe
O4 - HKCU\..\Run: [strtas] l074.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode
Back in Windows

Can i see the following please

1. Post a fresh hijackthis log
2. Post the full report from Ewido's
3. If Aimfix made a log on your desktop, can you post it too

Athrin · « **Reply #4 on:** January 12, 2006, 09:09:12 PM »

aight, here are the logins =)

Logfile of HijackThis v1.99.1
Scan saved at 9:08:04 PM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\avant.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\CYNTHIA\My Documents\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AD Black List - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\Search.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132988461531
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         8:53:43 PM, 1/12/2006
+ Report-Checksum:      454DF014

+ Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} -> Spyware.ShopNav : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
   HKLM\SOFTWARE\msbb -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-DD60-0064-6EC2-6E0100000000} -> Spyware.MediaMotor : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0007522A-2297-43C1-8EB1-C90B0FF20DA5} -> Spyware.ShopNav : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{017C20C1-F86F-11D8-9B25-000ACD002AE3} -> Spyware.EnhanceMySearch : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} -> Spyware.RXToolbar : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E65A557-173C-4DE9-860B-28FC5CACA542} -> Spyware.FastFind : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} -> Spyware.BlazeFind : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A78860C8-EE1A-46DF-A97F-E3E6D433E80B} -> Spyware.AdTomi : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
   HKU\S-1-5-21-1606980848-842925246-1611603155-1003\Software\RX Toolbar -> Spyware.RXToolbar : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Tools\tools.dll -> Spyware.MediaBack : Cleaned with backup
   C:\Program Files\Aprps -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\AI_01-10-2005.log -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\AI_02-10-2005.log -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\AI_03-10-2005.log -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\AI_27-09-2005.log -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\AI_28-09-2005.log -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\AI_29-09-2005.log -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\AI_30-09-2005.log -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\atl.dll -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\plg0 -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\ProxyStub.dll -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\pstub0 -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Aprps\pstub0\proxystub.dll -> Adware.AproposMedia : Cleaned with backup
   C:\Program Files\Need2Find -> Spyware.Need2Find : Cleaned with backup
   C:\Program Files\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
   C:\Program Files\Need2Find\bar\History -> Spyware.Need2Find : Cleaned with backup
   C:\Program Files\Need2Find\bar\History\search -> Spyware.Need2Find : Cleaned with backup
   C:\Program Files\Need2Find\bar\Settings -> Spyware.Need2Find : Cleaned with backup
   C:\Program Files\save -> Adware.SaveNow : Cleaned with backup
   C:\Program Files\save\USEast -> Adware.SaveNow : Cleaned with backup
   C:\Program Files\save\USEast\LoD_Legend.key -> Adware.SaveNow : Cleaned with backup
   C:\Program Files\save\USEast\LoD_Legend.ma0 -> Adware.SaveNow : Cleaned with backup
   C:\Program Files\save\USEast\LoD_Legend.ma1 -> Adware.SaveNow : Cleaned with backup
   C:\Program Files\save\USEast\LoD_Legend.ma2 -> Adware.SaveNow : Cleaned with backup
   C:\Program Files\save\USEast\LoD_Legend.ma3 -> Adware.SaveNow : Cleaned with backup
   C:\Program Files\save\USEast\LoD_Legend.map -> Adware.SaveNow : Cleaned with backup
   C:\Program Files\SideFind -> Adware.SideFind : Cleaned with backup
   C:\Program Files\SideFind\update -> Adware.SideFind : Cleaned with backup
   C:\WINDOWS\azesearch.bmp -> Adware.Azesearch : Cleaned with backup
   C:\WINDOWS\bsx32 -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ADTMI1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ADVC5.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ADVCTX2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIB9894.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIC29667.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASID12180.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIE17070.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIF29819.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIF4502.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIFA15376.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIFWH29233.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIG21943.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIGT10102.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIH21180.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIH7853.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASII21469.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIL18549.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASILS29399.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIM9740.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIOG19375.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIOT25456.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIPF1965.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIR21184.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIRE20082.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIS24110.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIS31590.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIT17011.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIT26116.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIW11211.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\ASIWS3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\AUTOS2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\BID1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\BingoRoom1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\CARD2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\CARS3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\DATE4.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\EML1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\FAST1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\FINC3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\FINC5.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\FLWR1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\FMND1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\HERBS1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\INK1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\JOBS4.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\MOVS2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\NEWS2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\SHOP2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\SPEC1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\TECH2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\TRVL6.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\TVEN1.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\TVEN2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\UTONE2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\WWW3.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bsx32\XTFL2.bsx -> Spyware.BookedSpace : Cleaned with backup
   C:\WINDOWS\bundles\runsearch.exe -> Spyware.MegaSearch.d : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\search3.dll -> Spyware.MegaSearch : Cleaned with backup
   C:\WINDOWS\enhtb.exe -> Trojan.Imiserv.c : Cleaned with backup
   C:\WINDOWS\enhuninstall.exe -> Spyware.NoName : Cleaned with backup
   C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
   C:\WINDOWS\loadadv728.exe -> Downloader.PassAlert.i : Cleaned with backup
   C:\WINDOWS\systb.exe -> Trojan.Imiserv.c : Cleaned with backup
   C:\WINDOWS\system32\azesearch4.ocx -> Spyware.AzSearch : Cleaned with backup
   C:\WINDOWS\system32\dun.exe -> Spyware.DealHelper : Cleaned with backup
   C:\WINDOWS\system32\iasada.dll_tobedeleted -> Spyware.AzSearch : Cleaned with backup
   C:\WINDOWS\system32\knjvl.dll -> Spyware.Adstart : Cleaned with backup
   C:\WINDOWS\system32\knjvlf.exe -> Spyware.Adstart : Cleaned with backup
   C:\WINDOWS\system32\Mptrgo.exe -> Spyware.DealHelper : Cleaned with backup
   C:\WINDOWS\system32\msshed32.exe -> Downloader.Delf.ep : Cleaned with backup
   C:\WINDOWS\system32\Reaxbu.exe -> Spyware.DealHelper : Cleaned with backup
   C:\WINDOWS\system32\Wnljjz.exe -> Spyware.DealHelper : Cleaned with backup
   C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup

::Report End

AIMFix version: 1.5.111.1851
SeDebug Privilege set successfully

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***

Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\strtas
Found HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\strtas
Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\strtas
FU rootkit detected!
AIMFix set to run at startup in RunOnce
Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\strtas
Found HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\strtas
Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\strtas
Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\strtas
Found HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\strtas
Found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\strtas
Reboot cancelled by user
AIMFix version: 1.5.111.1851
SeDebug Privilege set successfully

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***

***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***
----------------------------------------------------------

So far so good somewat lol, k what next?

guestolo · « **Reply #5 on:** January 12, 2006, 09:41:48 PM »

Can you do this please

Open Ad-Aware Se 1.06
Ensure to click the check for updates now link and Connect to download the latest updates if any
Close it for now

Download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe
Save it to your desktop but do NOT run it yet.
This tool must be run in safe mode
Reboot into safe mode

Access your add/remove programs, I forgot to ask you to remove a couple entries
In add/remove REMOVE the following if you can
Search Basket
Win-dh

Stay in safe mode

Double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

Afterwards,
Open Ad-Aware
Click START
Click the radio button to "Perform a Full system scan" then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer back to Normal mode

Post another hijackthis log and also
Post The entire contents of the log.txt file in the aproposfix folder

Athrin · « **Reply #6 on:** January 12, 2006, 10:32:35 PM »

k, here is the highjackthis log and the other one you asked for

Logfile of HijackThis v1.99.1
Scan saved at 10:32:10 PM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\avant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\CYNTHIA\My Documents\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AD Black List - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\Search.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132988461531
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\CYNTHIA\Desktop\aproposfix

************

Registry entries found:

It didn't find any entries or either somethin was done wrong. Also, i believe the spyware is gone but now my only problem is slowness in my comp. Like, it skips around a lot "lag" and is very annoying lol Thanks for your help btw

Athrin · « **Reply #7 on:** January 14, 2006, 02:01:10 PM »

Never mind Guestolo

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/happy.gif\' class=\'bbc_emoticon\' alt=\'^_^\' /> I fixed it myself

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' /> But you helped me throughout the whole process, thank you bery much

Athrin · « **Reply #8 on:** January 14, 2006, 09:01:27 PM »

Ok so i lied -.- lol Before i left for work, it was working just fine and then i just got back from work and it's laggy again and i dont have any idea why, so Guestolo, if you could help me one last time, that would be cool =)

Athrin · « **Reply #9 on:** January 15, 2006, 05:52:13 PM »

Any ideas to help my lagging situation guestolo?

guestolo · « **Reply #10 on:** January 15, 2006, 08:58:01 PM »

Can I see a fresh hijackthis log please

Also, Save Silent Runners.vbs to your desktop and double click on it to run.
If prompted by your AV, please let this script run, we are just collecting information

This will create a text file on your desktop
Open the text file and copy and paste the contents back here

NOTE: let silentrunners completely finish, it should prompt when it is done

Athrin · « **Reply #11 on:** January 15, 2006, 09:45:01 PM »

k, here is everything

Logfile of HijackThis v1.99.1
Scan saved at 9:41:54 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\Program Files\Spyware Doctor Enterprise Server\EntServer.exe
C:\Program Files\Spyware Doctor Enterprise Server\EntWatchDog.exe
C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\avant.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\CYNTHIA\My Documents\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AD Black List - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\Search.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Spyware Doctor Enterprise Server - PC Tools Research Pty Ltd. - C:\Program Files\Spyware Doctor Enterprise Server\EntServer.exe
O23 - Service: Spyware Doctor Enterprise Watchdog - PC Tools Research Pty Ltd. - C:\Program Files\Spyware Doctor Enterprise Server\EntWatchDog.exe

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["Networks Associates Technology, Inc"]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["Networks Associates Technology, Inc"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\msaccrt\Access 97\soa800.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\CYNTHIA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]

Startup items in "CYNTHIA" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Service Manager" -> shortcut to: "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n" [MS]

Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check ()" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
"McAfee.com Update Check (COMPUTER-21MJLZ-CYNTHIA)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
"McAfee.com Update Check (NT AUTHORITY-SYSTEM)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [file not found]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{3369AF0D-62E9-4BDA-8103-B4C75499B578}\
"ButtonText" = "AOL Toolbar"
"CLSIDExtension" = "{DE9C389F-3316-41A7-809B-AA305ED9D922}"

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["Networks Associates Technology, Inc"]
MSSQLSERVER, MSSQLSERVER, "C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER" [MS]
Spyware Doctor Enterprise Server, Spyware Doctor Enterprise Server, "C:\Program Files\Spyware Doctor Enterprise Server\EntServer.exe" ["PC Tools Research Pty Ltd. "]
Spyware Doctor Enterprise Watchdog, Spyware Doctor Enterprise Watchdog, "C:\Program Files\Spyware Doctor Enterprise Server\EntWatchDog.exe" ["PC Tools Research Pty Ltd. "]
SQLSERVERAGENT, SQLSERVERAGENT, "C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 104 seconds, including 10 seconds for message boxes)

guestolo · « **Reply #12 on:** January 15, 2006, 09:49:07 PM »

This could be a conflict with AVG and McAfee's
I never got the chance to tell you it's not a good idea to run to AV's in the background at the same time
Can cause conflicts and decrease system performance noticably
Uninstall one or the other
Reboot the computer

See if the lag issue disappears
Have you defragged lately?

Athrin · « **Reply #13 on:** January 15, 2006, 09:53:42 PM »

Yup, i defragged like 45 min. ago, i cant even uninstall mcafee, no uninstall in add/remove programs, i use avg more so i want to get rid of mcafee, where else could i go to get rid of it since there's nothing in add/remove programs?

guestolo · « **Reply #14 on:** January 15, 2006, 10:09:34 PM »

I couldn't be sure what product you had installed
Follow McAfee's, they should have manual removal instructions
from this link
http://ts.mcafeehelp.com/?siteID=1&resolution

On the left hand side, input your product and select Install/uninstall issues

Let me know how it works for you

Athrin · « **Reply #15 on:** January 15, 2006, 10:37:34 PM »

Well, i believe i uninstalled some of it, i have a folder called VSO and there are 2 things in it called "mcvsshl.dll" and "shlres.dll" i tried doing what they said and other things but it wont let me delete it, i get an error message saying, "cannot delete mcvshhl.dll make sure the disk is not full or write-protected and that the file is currently not in use"

guestolo · « **Reply #16 on:** January 15, 2006, 10:44:37 PM »

Sorry, I still have no idea of what version of McAfee's you had installed
Give me some more info, I may be able to help you out

Athrin · « **Reply #17 on:** January 15, 2006, 10:49:07 PM »

To tell you the truth, i have no idea myself cuz i didn't install it on my comp, some guy did but i think i had security center, personal firewall plus, and virus scan 9. Only thing of mcafee left is those two files in my VSO folder that wont go, everything else i believe is gone

guestolo · « **Reply #18 on:** January 15, 2006, 10:51:26 PM »

Can I see a new Hijackthis log please

Could I also see an uninstall list from hijackthis
Open Hijackthis>>Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST button
Save this list to desktop then copy and paste back here the whole contents please

Athrin · « **Reply #19 on:** January 15, 2006, 11:07:59 PM »

k, here it is

Logfile of HijackThis v1.99.1
Scan saved at 11:06:55 PM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\avant.exe
C:\Documents and Settings\CYNTHIA\My Documents\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AD Black List - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Documents and Settings\CYNTHIA\My Documents\Avant Browser\Search.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Spyware Doctor Enterprise Server - Unknown owner - C:\Program Files\Spyware Doctor Enterprise Server\EntServer.exe (file missing)
O23 - Service: Spyware Doctor Enterprise Watchdog - Unknown owner - C:\Program Files\Spyware Doctor Enterprise Server\EntWatchDog.exe (file missing)
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE (file missing)

Ad-Aware SE Personal
AOL Instant Messenger
Avant Browser (remove only)
AVG Free Edition
Diablo II
ewido anti-malware
HijackThis 1.99.1
Lexmark Z600 Series
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Makaha v6.1
Matroska Pack - Lazy Man's MKV 0.9.7
Microsoft Office 2000 Premium
Microsoft SQL Server Desktop Engine
MSN Music Assistant
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Snes9x
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

News:

Author Topic: Spyware infection and comp is lagging (Read 2471 times)