Author Topic: Have Trojan Horse downloader.generic.THQ, Please help

Sharkie
  • Newbie
  • Posts: 5
  • Karma: +0/-0
Have Trojan Horse downloader.generic.THQ, Please help
« on: May 21, 2006, 06:48:14 PM »
Hello,
Thank you very much for any help ahead of time. HJT log below and taken upon a fresh reboot.

I have been reading your forum in search of a fix for this trojan horse downloader.generic.THQ without finding anything that exactly matches it.

I have run AVG, it found this trojan in the file C:\windows\system32\??sks\msdtc.exe and AVG shows that it had healed the file successfully and then on the summary screen shows that the file was deleted. If I run AVG once again, the file reappears and the same happens again, never goes away.
I am having random reboots and the usual windows screen showing "Improper Shutdown", very slow computer performance, random dial-ups during the night once the connection has been terminated, all programs ended and the computer manually put into standby mode. Also showing that there was uploaded and downloaded content during this time. Lately, I have been disconnecting the phone line from the modem to keep this from happening during the night, while I am asleep.
I am also having slowing internet performance problems, that usually result in being kicked off the net at least 2-6 times a day (sure that some of this is due to my ISP and/or phone line) and display/video corruption problems with some clicking coming from the back of the monitor when I do nothing more than move the mouse or open a window or program. I have downloaded the newest driver for my video card and that did not help. Guess that the display problem may not be due to any trojan, but to a faulty monitor or video card instead, but added it, just in case it's possible for a trojan to cause this type of problem.

I thank you again for any help you can provide me with getting rid of this trojan and helping me with any of these other problems I am experiencing,

Sharkie

_________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 10:37:00 AM, on 5/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\windows\SYSTEM32\3cmlink.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\HPCD-D~1\Umbrella\DVDTray.exe
C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
C:\windows\SYSTEM32\3cshtdwn.exe
C:\windows\SYSTEM32\3cmlink.exe
C:\PROGRA~1\NEOWATCH\NWSERVICE.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\windows\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\CallWaiting.exe
C:\Program Files\NeoWatch\NeoWatchTray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\Daddy\My Documents\Installed Software & Upgrades\Adware Removal Programs\Hijack This\HijackThis.exe
C:\windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tigerdirect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {4F4C4C7B-83E1-8B12-C00A-DC98BA17F3B0} - C:\windows\system32\hicdgvz.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {27E75F71-CCE9-CA4A-C7CA-C049146AC5EF} - C:\windows\system32\zlbtt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {66551DD7-814C-8FC2-6394-810D808DF7CF} - C:\windows\system32\lcn.dll (file missing)
O2 - BHO: (no name) - {7843DE3B-46F2-1B5B-8F9E-45D1ED60C6E8} - (no file)
O2 - BHO: (no name) - {A2741661-D5FC-D027-D34E-8F1D834140C7} - C:\windows\system32\zqe.dll (file missing)
O2 - BHO: (no name) - {D2741662-D5FF-DD2A-D33F-8B1DF14540C5} - C:\windows\system32\zqe.dll (file missing)
O2 - BHO: (no name) - {DF19A458-3DC2-3C14-EE0C-68F39F204197} - C:\windows\system32\cnibskgs.dll (file missing)
O2 - BHO: (no name) - {F5BC7402-ED9D-BD45-ED2C-BABE3B7E659D} - C:\windows\system32\nqciqj.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [3c1807pd] C:\windows\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /noui
O4 - HKLM\..\Run: [DVDTray] "C:\PROGRA~1\HPCD-D~1\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [HPCDTray] "C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MSPY2002] C:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\windows\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: U.S. Robotics Internet Call Notification.lnk = C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\CallWaiting.exe
O4 - Global Startup: NeoWatch Startup.lnk = C:\Program Files\NeoWatch\NeoWatchTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} -
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab43895.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NeoWatch Monitor Service (NWService) - Unknown owner - C:\PROGRA~1\NEOWATCH\NWSERVICE.exe

guestolo
  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Have Trojan Horse downloader.generic.THQ, Please help
« Reply #1 on: May 21, 2006, 09:56:44 PM »
Can you open Hijackthis
Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST button
Save the list to desktop then come back here and copy and paste the whole contents please

Do you want to post your own logs from FRST?
Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Sharkie
  • Newbie
  • Posts: 5
  • Karma: +0/-0
Have Trojan Horse downloader.generic.THQ, Please help
« Reply #2 on: May 21, 2006, 10:31:19 PM »
Sorry, back so late, had a couple things to do and just got back to this.
Here's the list you wanted.

802.11b Wireless LAN
Ad-Aware SE Personal
Adobe Acrobat 5.0
ArcSoft ShowBiz
AutoCAD Mechanical 2000
Autodesk Learning Assistance
AVG Free Edition
BellSouth Accelerator Technology
BellSouth Pop-Up Catcher
Castle Link
CD-Text Manager
DFX for Musicmatch
DFX for Windows Media Player
FileSpecs plug-in for Ad-Aware SE
FriendFinder Messenger
HexDump plug-in for Ad-Aware SE
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
HP DLA
hp dvd writer
HP Memories Disc
HP RecordNow
HP Simple Backup 4.75 (OEM)
Intel® PRO Network Adapters and Drivers
Java 2 Runtime Environment Standard Edition v1.3.1_02
Kogi
Lavasoft VX2 Cleaner
Lexar Media Reader Products
Logitech iTouch Software
Logitech MouseWare 9.75
LSP Explorer plug-in for Ad-Aware SE
Lyric Finder 1.0
Macromedia Flash Player 8
Media Library Management Wizard
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Windows Journal Viewer
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Musicmatch® Jukebox
MyDVD
NeoTrace Pro 3.25
NeoWatch 2.4 Registered
Nero Fast CD-Burning Plug-in
NTI CD-Maker 6 Gold
NVIDIA Drivers
PC Pitstop Optimize 1.0v
Personal License Update Wizard for Windows Media Player
PhoneTools
PhotoMAX 2.4
PhotoMAX Pro
Pinnacle InstantCD/DVD Suite
Plus! MP3 Audio Converter LE
Profili 2
Registry First Aid
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Shockwave
ShortKeys Lite
SoundMAX
Spybot - Search & Destroy 1.4
Turbo Lister
Tweak-SE plug-in for Ad-Aware SE
U.S. Robotics ControlCenter
U.S. Robotics Internet Call Notification
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Veo Digital Studio
Veo Stingray
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Address AutoComplete
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v6
Yahoo! Toolbar

guestolo
  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Have Trojan Horse downloader.generic.THQ, Please help
« Reply #3 on: May 21, 2006, 10:57:20 PM »
Doesn't look that bad
Can you do the following please
Let's see if we can clean anything that may be unnoticed in the logs

==Download and install Windows CleanUp! 4.5.1
Don't run this yet

==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" UNCHECK:
    "Install background guard"
    "Install scan via context menu"
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the auto updater won't work
Please manually update from this link
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


I need you to do the following
Spybot's TeaTimer is a great tool, but it may, and probably will interfere with any fixes we are to try
Open Spybot, click on MODE>>Advanced Mode>>Ok the prompt
Click on TOOLS in the bottom left
Then click on RESIDENT on the top left column
On the right hand side, uncheck ONLY Resident "TeaTimer"
Accept the change
Leave this disabled until we are sure we have you clean please

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer

==Open Ewido Anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted

Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tigerdirect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {4F4C4C7B-83E1-8B12-C00A-DC98BA17F3B0} - C:\windows\system32\hicdgvz.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)

O2 - BHO: (no name) - {27E75F71-CCE9-CA4A-C7CA-C049146AC5EF} - C:\windows\system32\zlbtt.dll (file missing)

O2 - BHO: (no name) - {66551DD7-814C-8FC2-6394-810D808DF7CF} - C:\windows\system32\lcn.dll (file missing)
O2 - BHO: (no name) - {7843DE3B-46F2-1B5B-8F9E-45D1ED60C6E8} - (no file)
O2 - BHO: (no name) - {A2741661-D5FC-D027-D34E-8F1D834140C7} - C:\windows\system32\zqe.dll (file missing)
O2 - BHO: (no name) - {D2741662-D5FF-DD2A-D33F-8B1DF14540C5} - C:\windows\system32\zqe.dll (file missing)
O2 - BHO: (no name) - {DF19A458-3DC2-3C14-EE0C-68F39F204197} - C:\windows\system32\cnibskgs.dll (file missing)
O2 - BHO: (no name) - {F5BC7402-ED9D-BD45-ED2C-BABE3B7E659D} - C:\windows\system32\nqciqj.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} -


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab--- Reset home page

Come back here. Run a fresh Scan and save logfile with hijackthis and post a fresh log
Also, post the whole report you saved earlier from Ewido
« Last Edit: May 21, 2006, 11:06:05 PM by guestolo »



Sharkie
  • Newbie
  • Posts: 5
  • Karma: +0/-0
Have Trojan Horse downloader.generic.THQ, Please help
« Reply #4 on: May 21, 2006, 11:17:01 PM »
Will do. Will be in the late morning/early afternoon tomorrow before I get a chance to get this finished and post again. I have an early morning planned (already after 11:00pm here). Will download Ewido tonight and if this doesn't take very long I will also try to update as well before bed.
You have a good night and I will do this and post ASAP tomorrow.

Till tomorrow, thank you again,

Sharkie

Sharkie
  • Newbie
  • Posts: 5
  • Karma: +0/-0
Have Trojan Horse downloader.generic.THQ, Please help
« Reply #5 on: May 22, 2006, 02:51:28 PM »
Finally got it done! Took a little longer than I expected for it to run Ewido.
Here are the log files for HJT & Ewido below.

Logfile of HijackThis v1.99.1
Scan saved at 2:43:51 PM, on 5/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\windows\SYSTEM32\3cmlink.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\windows\SYSTEM32\3cshtdwn.exe
C:\windows\SYSTEM32\3cmlink.exe
C:\windows\system32\nvsvc32.exe
C:\PROGRA~1\HPCD-D~1\Umbrella\DVDTray.exe
C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
C:\PROGRA~1\NEOWATCH\NWSERVICE.exe
C:\windows\System32\snmp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\CallWaiting.exe
C:\Program Files\NeoWatch\NeoWatchTray.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\Daddy\My Documents\Installed Software & Upgrades\Adware Removal Programs\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [3c1807pd] C:\windows\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /noui
O4 - HKLM\..\Run: [DVDTray] "C:\PROGRA~1\HPCD-D~1\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [HPCDTray] "C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MSPY2002] C:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\windows\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: U.S. Robotics Internet Call Notification.lnk = C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\CallWaiting.exe
O4 - Global Startup: NeoWatch Startup.lnk = C:\Program Files\NeoWatch\NeoWatchTray.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab43895.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NeoWatch Monitor Service (NWService) - Unknown owner - C:\PROGRA~1\NEOWATCH\NWSERVICE.exe

--------------------------------------------

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         2:21:41 PM, 5/22/2006
 + Report-Checksum:      908AF656

 + Scan result:

   HKU\S-1-5-21-4111605983-626137017-4049334612-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup
   HKU\S-1-5-21-4111605983-626137017-4049334612-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup
   C:\WINDOWS\system32\hicdgvz.dll -> Adware.PurityScan : Cleaned with backup
   C:\WINDOWS\system32\nоpdb-1.exe -> Adware.PurityScan : Cleaned with backup
   C:\WINDOWS\system32\Таsks\msdtc.exe -> Downloader.PurityScan.bx : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
   C:\Documents and Settings\Daddy\My Documents\Installed Software & Upgrades\Yahoo\MediaTicket.exe -> Adware.MediaTickets : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAB.tmp -> TrackingCookie.Atdmt : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAE.tmp -> TrackingCookie.Doubleclick : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB0.tmp -> TrackingCookie.Mediaplex : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp -> TrackingCookie.Advertising : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8D.tmp -> TrackingCookie.Bluestreak : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8E.tmp -> TrackingCookie.Mediaplex : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F.tmp -> TrackingCookie.Revenue : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq90.tmp -> TrackingCookie.Advertising : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq91.tmp -> TrackingCookie.Adserver : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> TrackingCookie.Zedo : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp -> TrackingCookie.2o7 : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq94.tmp -> TrackingCookie.Ru4 : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq95.tmp -> TrackingCookie.Advertising : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp -> TrackingCookie.Valueclick : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> Adware.MediaTickets : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> TrackingCookie.Bluestreak : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> TrackingCookie.Zedo : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp -> TrackingCookie.Questionmarket : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.2o7 : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Clickbank : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Ru4 : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp -> TrackingCookie.Questionmarket : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Bridgetrack : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> TrackingCookie.Serving-sys : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp -> TrackingCookie.Casalemedia : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp -> TrackingCookie.Serving-sys : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp -> TrackingCookie.Clickbank : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq157.tmp -> TrackingCookie.Statcounter : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Qksrv : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB4.tmp -> TrackingCookie.Statcounter : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> TrackingCookie.Tacoda : Cleaned with backup
   C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe -> Heuristic.Win32.Dialer : Cleaned with backup


::Report End

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Have Trojan Horse downloader.generic.THQ, Please help
« Reply #6 on: May 22, 2006, 03:41:56 PM »
Do a "System scan only" with Hijackthis and put a check next to these entries:

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab


After you have ticked the above entries, close all other open windows,
including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.

Reboot the computer

Post back one last hijackthis log
How is everything on your end?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
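A defender-side way to triage the kinds of entries discussed in this thread: the HijackThis O16 (DPF) lines guestolo asked to fix (two of them have no download location at all, one points at a local DLL) and the ewido report paths such as system32\Таsks\msdtc.exe, whose directory name is spelled with Cyrillic letters so that it looks like the real "Tasks" folder (the "??sks" AVG showed in the first post is most likely the same name with the non-ASCII letters rendered as question marks). The script below is an added example written for this page, not code from HijackThis, ewido or anyone in the thread; the line formats it parses are taken from the logs posted above, the sample lines are constructed copies of those entries, and the short SYSTEM_BINARY_NAMES list is an assumption for illustration only.

```python
"""Triage HijackThis O16 (DPF) entries and ewido-style scan-report lines.

Added example for this thread; it is not code from HijackThis, ewido or
any poster. The sample lines are constructed copies of entries posted above.
"""
import re
import unicodedata

# HijackThis O16 line: "O16 - DPF: <name or {CLSID}> [(description)] - <location>"
O16_RE = re.compile(
    r"^O16 - DPF: (?P<ident>\{[0-9A-Fa-f-]+\}|[^{].*?)"
    r"(?: \((?P<desc>[^)]*)\))? -\s*(?P<loc>.*)$"
)
# ewido report line: "<path> -> <detection> : <action>"
SCAN_RE = re.compile(r"^\s*(?P<path>.+?) -> (?P<detection>[^:]+?) : (?P<action>.+)$")

# Assumption: a short illustrative list of genuine Windows binary names that
# malware borrows; a real tool would use a full inventory of %SystemRoot%.
SYSTEM_BINARY_NAMES = {"msdtc.exe", "svchost.exe", "lsass.exe", "services.exe"}
SYSTEM32 = "c:\\windows\\system32"

# Constructed samples (copies of lines posted in this thread).
SAMPLE_HJT = "\n".join([
    "O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -",
    "O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab",
    "O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab",
    "O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\\Program Files\\Yahoo!\\Common\\yinsthelper.dll",
])
# "Tasks" is spelled with Cyrillic Te and a (U+0422, U+0430) and "nopdb" uses a
# Cyrillic o (U+043E), exactly as in the ewido report posted above.
SAMPLE_SCAN = "\n".join([
    "   C:\\WINDOWS\\system32\\\u0422\u0430sks\\msdtc.exe -> Downloader.PurityScan.bx : Cleaned with backup",
    "   C:\\WINDOWS\\system32\\n\u043epdb-1.exe -> Adware.PurityScan : Cleaned with backup",
    "   C:\\WINDOWS\\system32\\hicdgvz.dll -> Adware.PurityScan : Cleaned with backup",
])


def non_ascii_chars(s):
    """Every non-ASCII character in s as (index, char, Unicode name).

    A Windows path that mixes ASCII with, say, Cyrillic letters is a common
    way to make a malicious directory display as "Tasks" while being a
    different directory from the real one."""
    return [(i, ch, unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(s) if ord(ch) > 0x7F]


def triage_o16(text):
    """Parse each O16 line and attach triage flags."""
    results = []
    for line in text.splitlines():
        m = O16_RE.match(line.strip())
        if not m:
            continue
        loc = m.group("loc").strip()
        flags = []
        if not loc:
            flags.append("no-location")   # nothing to verify or update; dead entry
        elif not loc.lower().startswith(("http://", "https://")):
            flags.append("local-path")    # DPF pointing at a local file, not a download URL
        if non_ascii_chars(loc):
            flags.append("non-ascii-path")
        results.append({"ident": m.group("ident"), "desc": m.group("desc") or "",
                        "loc": loc, "flags": flags})
    return results


def triage_scan_report(text):
    """Parse ewido-style result lines and flag look-alike paths."""
    results = []
    for line in text.splitlines():
        m = SCAN_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        directory, _, basename = path.rpartition("\\")
        odd = non_ascii_chars(path)
        flags = []
        if odd:
            flags.append("homoglyph-path")
        # A genuine system binary name living outside system32 itself.
        if basename.lower() in SYSTEM_BINARY_NAMES and directory.lower() != SYSTEM32:
            flags.append("lookalike-system-binary")
        results.append({"path": path, "detection": m.group("detection"),
                        "action": m.group("action"), "flags": flags,
                        "scripts": sorted({n.split()[0] for _, _, n in odd})})
    return results


if __name__ == "__main__":
    for e in triage_o16(SAMPLE_HJT):
        print(e["flags"] or ["ok"], e["ident"], e["loc"] or "(no location)")
    for e in triage_scan_report(SAMPLE_SCAN):
        print(e["flags"] or ["ok"], e["scripts"], ascii(e["path"]))
```

Running it lists each entry with its flags; the point for a reader of this thread is that a "Cleaned" verdict on a path whose letters come from two different scripts deserves a second look, because the directory will keep looking legitimate in Explorer and in AV reports until it is removed.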


Offline Sharkie

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
Have Trojan Horse downloader.generic.THQ, Please help
« Reply #7 on: May 22, 2006, 04:16:08 PM »
Hi again guestolo,
The computer itself seems to be running much faster and smoother, & without all the lagging probs too, once online.
I do have a couple things that I forgot to mention earlier, when I ran the Windows Cleanup and Ewido and came back to post the reports.

1.) When I went to restart in Safe Mode, I had 2 choices of OSes to choose from on the list. I chose the top one, which said "MicroSoft Windows XP Home Edition", and that one came back with not wanting to boot up. The 2nd choice was "Windows (Default)". I had to Ctrl-Alt-Del at the no-boot screen showing "Invalid OS" and then choose the 2nd option for the boot OS, "Windows (Default)". Is there a way to delete the 1st wrong OS description on this boot options page?

2.) When I go to open a new Internet Explorer session window, the window is very slow (i.e. 5-8 seconds) appearing before I can actually start surfing the net. Is this a common thing? Because if I remember right, that was almost immediate to open before I contracted all this adware/malware.

Other than those 2 things, I feel like you have helped me out 110%. I really appreciate the efforts that you have given me towards the removal of adware/malware and the repair/restoration of my computer's integrity.

You are very good at what you do, keep up the very excellent work!

Thanks again for all this help,

Sharkie :D

PS - Do I need to uninstall either of the programs that you had me install? I do see that there is an active process for Ewido Anti-Malware that starts at boot.

Below is the most recent HJT log.

---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:51:11 PM, on 5/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\windows\system32\nvsvc32.exe
C:\PROGRA~1\NEOWATCH\NWSERVICE.exe
C:\windows\System32\snmp.exe
C:\windows\Explorer.EXE
C:\windows\SYSTEM32\3cmlink.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\windows\SYSTEM32\3cshtdwn.exe
C:\PROGRA~1\HPCD-D~1\Umbrella\DVDTray.exe
C:\windows\SYSTEM32\3cmlink.exe
C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe
C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\CallWaiting.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\Daddy\My Documents\Installed Software & Upgrades\Adware Removal Programs\Hijack This\HijackThis.exe
C:\windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [3c1807pd] C:\windows\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /noui
O4 - HKLM\..\Run: [DVDTray] "C:\PROGRA~1\HPCD-D~1\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [HPCDTray] "C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MSPY2002] C:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\windows\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: U.S. Robotics Internet Call Notification.lnk = C:\Program Files\U.S. Robotics\U.S. Robotics Internet Call Notification\CallWaiting.exe
O4 - Global Startup: NeoWatch Startup.lnk = C:\Program Files\NeoWatch\NeoWatchTray.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab43895.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NeoWatch Monitor Service (NWService) - Unknown owner - C:\PROGRA~1\NEOWATCH\NWSERVICE.exe