My other post was regarding my work computer (I'd like to follow up in a day or two). The following attachment is from my home computer that has become nearly impossible to use at times.
Thanks.
Bruce
ComboScan v20070212.14 run by Bruce Berg on 2007-02-18 at 11:57:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Successfully created restore point.
Performed disk cleanup.
-- HijackThis log (run as Bruce Berg.com) ---------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:57:26 AM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfaem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\Temp\comboscan.exe
C:\DOCUME~1\BRUCEB~1\LOCALS~1\Temp\~cfomrcd.tmp\Bruce Berg.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F0 - system.ini: Shell=Explorer.exe c:\windows\system32\msiexec16.exe
F1 - win.ini: run=c:\windows\system32\msiexec16.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [capfaem] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index.shtml?toolbar=yes (file missing)
O9 - Extra 'Tools' menuitem: WebMoney - {1A6BB370-9DB8-44d8-A336-C8F707E80A70} - http://www.wmtransfer.com/index.shtml?toolbar=yes (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: ChatSpace Full Java Client 3.1.0.219 - http://surechat.com:9000/Java/cfs31219.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1157850221279
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab36116.cab
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
-- File Associations ------------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - unable to read value
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
3 AN983 (ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter) - System32\DRIVERS\AN983.sys
3 CamDrL (Logitech QuickCam Pro 3000(CamDrl)) - system32\DRIVERS\Camdrl.sys
3 CCDECODE (Closed Caption Decoder) - System32\DRIVERS\CCDECODE.sys
2 CdaC15BA - \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS
3 DELTA (Service for Delta Driver (WDM)) - system32\drivers\delta.sys
3 G400 - System32\DRIVERS\G400m.sys
3 G400DH - System32\DRIVERS\g400dhm.sys
3 GcKernel (Microsoft SideWinder Value Add - Filter Driver) - System32\DRIVERS\GcKernel.sys
3 HIDSwvd (Microsoft SideWinder Virtual HID Device Mini-Driver) - System32\DRIVERS\HIDSwvd.sys
3 HidUsb (Microsoft HID Class Driver) - System32\DRIVERS\hidusb.sys
0 iomdisk (Iomega Devices Disk Filter Services) - System32\DRIVERS\iomdisk.sys
1 kbdhid (Keyboard HID Driver) - System32\DRIVERS\kbdhid.sys
1 KmxAgent - System32\DRIVERS\kmxagent.sys
2 KmxCF - System32\DRIVERS\KmxCF.sys
3 KmxCfg - System32\DRIVERS\kmxcfg.sys
1 KmxFile - System32\DRIVERS\KmxFile.sys
1 KmxFw - System32\DRIVERS\kmxfw.sys
2 KmxSbx - System32\DRIVERS\KmxSbx.sys
0 KmxStart - System32\DRIVERS\kmxstart.sys
3 L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - System32\Drivers\L8042mou.sys
3 LHidKe (Logitech SetPoint HID Mouse Filter Driver) - system32\DRIVERS\LHidKE.Sys
3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - System32\Drivers\LHidUsbK.Sys
3 LMouKE (Logitech SetPoint Mouse Filter Driver) - System32\Drivers\LMouKE.sys
3 LVUSBSta (Logitech USB Monitor Filter) - system32\drivers\lvusbsta.sys
3 MDX8LDR (Midex 8 - Firmware Loader) - System32\Drivers\mdx8ldr.sys
3 MIDEX8 (Midex 8 - USB Midi Driver) - system32\drivers\midex8.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - System32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV/Video Connection) - System32\DRIVERS\NdisIP.sys
1 P3 (Intel PentiumIII Processor Driver) - System32\DRIVERS\p3.sys
3 PhilCam8116 (Logitech QuickCam Pro 3000(PID_08B0)) - System32\DRIVERS\CamDrL21.sys
1 RapNet - \??\C:\WINDOWS\System32\drivers\RapNet.sys
3 SLIP (BDA Slip De-Framer) - System32\DRIVERS\SLIP.sys
3 streamip (BDA IPSink) - System32\DRIVERS\StreamIP.sys
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
3 SynasUSB - system32\drivers\SynasUSB.sys
3 UPATC (USBAT CompactFlash Controller DriverSD) - System32\DRIVERS\upatc.sys
3 usbaudio (USB Audio Driver (WDM)) - system32\drivers\usbaudio.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys
3 usbscan (USB Scanner Driver) - System32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - System32\DRIVERS\USBSTOR.SYS
0 viaagp (VIA AGP Bus Filter) - System32\DRIVERS\viaagp.sys
0 viaagp1 (VIA AGP Filter) - system32\DRIVERS\viaagp1.sys
0 ViaIde - System32\DRIVERS\viaide.sys
3 VIAudio (VIA AC'97 Audio Controller (WDM)) - system32\drivers\viaudio.sys
4 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - \SystemRoot\System32\drivers\ws2ifsl.sys
3 WSTCODEC (World Standard Teletext Codec) - System32\DRIVERS\WSTCODEC.SYS
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 C-DillaCdaC11BA - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
2 CAISafe - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
4 Iomega Activity Disk2 - ""
2 Iomega App Services - "C:\PROGRA~1\Iomega\System32\AppServices.exe"
2 ITMRTSVC (CA Pest Patrol Realtime Protection Service) - "C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe"
2 MGABGEXE - %SystemRoot%\System32\mgabg.exe
3 SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2 UmxAgent (HIPS Event Manager) - "C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
2 UmxCfg (HIPS Configuration Interpreter) - "C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
2 UmxFwHlp (HIPS Firewall Helper) - "C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe"
2 UmxPol (HIPS Policy Manager) - "C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
2 VETMSGNT (VET Message Service) - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
-- Scheduled Tasks --------------------------------------------------------------
2007-02-18 10:58:46 354 --a------ C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job<PCHEAL~1.JOB>
-- Files created between 2007-01-18 and 2007-02-18 ------------------------------
2007-02-18 11:52:28 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
-- Find3M Report ----------------------------------------------------------------
2007-02-01 19:19:46 75280 --a------ C:\WINDOWS\system32\iSafProd.dll<Signed: CA, Inc.>
2007-02-01 19:19:46 21392 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys<Signed: Computer Associates International, Inc.>
2007-02-01 19:19:46 32528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys<Signed: Computer Associates International, Inc.>
2007-02-01 19:19:46 26640 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys<Signed: Computer Associates International, Inc.>
2007-02-01 19:19:46 21648 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys<Signed: Computer Associates International, Inc.>
2007-01-15 11:19:02 119816 --a------ C:\WINDOWS\system32\drivers\KmxCF.sys<Signed: CA>
2007-01-12 17:06:58 111624 --a------ C:\WINDOWS\system32\drivers\KmxFw.sys<Signed: CA>
2007-01-08 15:41:48 102408 --a------ C:\WINDOWS\system32\drivers\KmxStart.sys<Signed: CA>
2007-01-05 10:19:10 80776 --a------ C:\WINDOWS\system32\drivers\KmxCfg.sys<Signed: CA>
2006-12-24 15:49:20 2608 --a------ C:\WINDOWS\system32\d3d9caps.dat
2006-12-24 12:52:58 58504 --a------ C:\Documents and Settings\Bruce Berg\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2006-12-24 12:15:26 0 d-------- C:\Program Files\Microsoft Games<MICROS~3>
2006-11-28 20:48:56 27648 --a------ C:\Documents and Settings\Bruce Berg\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini<DCBC2A~1.INI>
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"="C:\\WINDOWS\\system32\\Macromed\\Flash\\GetFlash.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"DeltTray"="DeltTray.exe"
"Matrox Powerdesk"="C:\\WINDOWS\\System32\\PDesk\\PDesk.exe /Autolaunch"
"cctray"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\cctray\\cctray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVRID.exe\""
"capfaem"="C:\\Program Files\\CA\\eTrust Internet Security Suite\\CA Personal Firewall\\capfaem.exe"
"cafwc"="C:\\Program Files\\CA\\eTrust Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"POINTER"="point32.exe"
"SideWinderTrayV4"="C:\\PROGRA~1\\MICROS~2\\GAMECO~1\\COMMON\\SWTRAYV4.EXE"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"LoadQM"="loadqm.exe"
"DXM6Patch_981116"="C:\\WINDOWS\\p_981116.exe /Q:A"
"LVComs"="C:\\WINDOWS\\SYSTEM32\\LVComS.exe"
"Matrox Powerdesk"="C:\\WINDOWS\\SYSTEM\\PDesk\\PDesk.exe /Autolaunch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\\PROGRA~1\\MESSEN~1\\msmsgs.exe /background"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"MSMSGS"="C:\\PROGRA~1\\MESSEN~1\\msmsgs.exe /background"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"CDRAutoRun"=hex:00,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"CDRAutoRun"=hex:00,00,00,00
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"CDRAutoRun"=hex:00,00,00,00
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService REG_MULTI_SZ DnsCache
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunchTermService
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d45ff50-5fb6-11da-ac41-002078124bf6}]
Shell\AutoRun\command F:\JDSecure\Windows\JDSecure31.exe
* End of ComboScan: finished at 2007-02-18 at 12:03:48 -------------------------
ComboScan v20070212.14 run by Bruce Berg on 2007-02-18 at 11:57:00
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information -----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 511.47 MiB / 273.3 MiB
Pagefile Memory (total/avail): 1247.71 MiB / 1065.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1997.27 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 19.13 GiB total, 6.75 GiB free.
D: is CDROM (No Media)
-- Security Center --------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
AntivirusOverride is set.
FW: CA Personal Firewall 9.0.0.65 v9.0.0.65 (CA)
AV: CA Anti-Virus v8.1.0.203 (CA, Inc.)
-- Environment Variables --------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bruce Berg\Application Data
CLASSPATH=C:\PROGRA~1\PHOTOD~1.0\ADOBEC~1
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=C1296417-A
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bruce Berg
LOGONSERVER=\\C1296417-A
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\MCAFEE\MCAFEE~1\PGP;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0803
ProgramFiles=C:\Program Files
PROMPT=$p$g
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BRUCEB~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BRUCEB~1\LOCALS~1\Temp
USERDOMAIN=C1296417-A
USERNAME=Bruce Berg
USERPROFILE=C:\Documents and Settings\Bruce Berg
winbootdir=C:\WINDOWS
windir=C:\WINDOWS
-- User Profiles ----------------------------------------------------------------
Bruce Berg (admin)
Pam
Guest (guest)
-- Add/Remove Programs ----------------------------------------------------------
--> "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\Presto! BizCard 4.0 Eng\Uninst.isu" -c"C:\WINDOWS\StiRegstEng.dll"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active Ports --> C:\WINDOWS\unvise32.exe C:\Program Files\Active Ports\uninstal.log
Ad-Aware SE Plus --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Type Manager --> C:\PSFONTS\ATMFM.EXE -U
CA Internet Security Suite --> "C:\Program Files\CA\eTrust Internet Security Suite\caunst.exe" /u
CA Pest Patrol Realtime Protection --> MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
Corel OCR-Trace --> MsiExec.exe /I{3119E881-90A3-11D4-9E17-00A0C9CA2831}
CorelDRAW Graphics Suite 11 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
FTP Voyager --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RhinoSoft.com\FTP Voyager\Uninst.isu" -c"C:\Program Files\RhinoSoft.com\FTP Voyager\FVUninstall.dll"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
hp deskjet 930c series --> rundll32 hpzcon04.dll,VendorJettison hp deskjet 930c series
hp deskjet 930c series (Remove only) --> C:\Program Files\hp deskjet 930c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=930c -huninstall
HP Photo and Imaging 2.2 - Scanjet 8200 Series --> MsiExec.exe /I{83CDDBA5-0306-4173-9851-71F0F0E8412A}
HP PhotoSmart Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HP PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\HP PhotoSmart\Photo Printing\HpiUPPrn.dll
Iomega Sync --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F308C9D5-BADD-49D8-85D3-396B44D7AA36}
IomegaWare 4.0.2 --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
Java 2 Runtime Environment, SE v1.4.1_01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}\setup.exe" Anytext
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Matrox Graphics Software (remove only) --> C:\WINDOWS\System32\PDesk\PDUninst.exe
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft IntelliPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABEA93FA-8D65-11D2-98AB-00C04F79C5D1}\setup.exe" Uninstall
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (1.5.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.7 (en-US)"
MSN Messenger 6.1 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600211}
Plextor Manager 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Plextor2000\DeIsL1.isu" -c"C:\Program Files\Plextor2000\pxuninst.dll"
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 5.2 --> "C:\Program Files\Registry Mechanic\unins000.exe"
SafeCast Shared Components --> C:\WINDOWS\CDAC13BA.EXE /uninstall
SideWinder Force Feedback Wheel (USB) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Hardware\Game Controllers\Force Feedback Wheel (USB)\Uninst.isu" -c"C:\Program Files\Microsoft Hardware\Game Controllers\Force Feedback Wheel (USB)\Uninstall.dll"
SideWinder Precision 2 --> C:\WINDOWS\IsUninst.exe -f"C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\Precision 2\Uninst.isu" -c"C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\Precision 2\Uninstall.dll"
Syntrillium Tremolo DirectX Plug-In --> C:\Program Files\Syntrillium\DirectX\Tremolo\tremunin.exe
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Uninstall --> %SYSTEMROOT%\system32\osuninst.exe
WinZip --> "C:\PROGRAM FILES\WINZIP\WINZIP32.EXE" /uninstall
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
-- End of ComboScan: finished at 2007-02-18 at 12:03:48 -------------------------