Author Topic: Possible Virus?? (Read 1090 times)

mark_kauf · « **on:** July 09, 2007, 09:54:12 AM »

Hi,

Any help would be greatly appreciated. As of a few days ago my machine has developed a few quirks. If I try to access "Add Remove Programs" it takes almost five minutes for it to launch, also when I Start and "Turn off the coputer" it takes almost five minutes for the next screen to appear. When it finally does appear and I click on Turn off , my machine can up to 10 minutes to finally turn off.

Is is a copy of my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:41:40 AM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/link/main/vzcentral
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

Thanks again!!

guestolo · « **Reply #1 on:** July 09, 2007, 07:17:53 PM »

Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

mark_kauf · « **Reply #2 on:** July 10, 2007, 04:28:31 PM »

[quote name=\'guestolo\' post=\'353747\' date=\'Jul 9 2007, 06:17 PM\']Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents[/quote]

Thanks for your help.

@BIOS
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
AdobeÂ® PhotoshopÂ® Album Starter Edition 3.0
Agnitum Outpost Firewall Pro
AT&T Labs' Natural Voices(tm) Desktop 1.2.1
ATI Multimedia Center 8.2.0.0
AVG 7.5
AX Remote Editor 1.0
Canon Camera Window for ZoomBrowser EX
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
Canon PhotoRecord
Canon Utilities FileViewerUtility 1.0
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.6
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Citrix ICA Web Client
DAO
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DMIView
Enable S3 for USB Device
Gigabyte Management Tools 2.0
Gigabyte Windows Utility Manager
HijackThis 1.99.1
ImageMixer VCD2
Intel® PRO Network Adapters and Drivers
Intel® PROSet
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_11
Java(tm) SE Runtime Environment 6 Update 1
LaCie Backup Software v1.5.2130
Macromedia Flash Player
Macromedia Shockwave Player
Medal of Honor Allied Assault
Medal of Honor Allied Assault US 1.10 Patch
Medal of Honor Allied Assault(tm) Spearhead
Medal of Honor Allied Assault(tm) Spearhead
Medal of Honor Allied Assault(tm) Spearhead Patch 2.15
Medal of Honor Pacific Assault(tm)
Medal of Honor Pacific Assault(tm) Patch
Medal of Honor Pacific Assault(tm) Patch2
Medieval - Total War (tm) - Viking Invasion (tm)
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office Outlook Connector
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Moto Racer
Mozilla Firefox (2.0.0.4)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Nero - Burning Rom (Web installer)
NVDVD
NVIDIA Display Driver
NVIDIA Drivers
OpenMG Limited Patch 4.1-05-14-24-01
OpenMG Secure Module 4.1.00
PhatNoise Music Manager
Picture Package
PowerDesk 5.0
QuickTime
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Sid Meier's Antietam
Sid Meier's Gettysburg!
Sid Meier's South Mountain Add-on
Sony USB Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Messenger

guestolo · « **Reply #3 on:** July 10, 2007, 06:27:02 PM »

I see entries in your hijackthis log, but the programs not installed
I also see entries in your hijackthis uninstall list, but the programs aren't running?

Can you do the following
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- McAfee Real-time Scanner

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Apply it

Do the same for the next ones also
McAfee SystemGuards
Webroot Spy Sweeper Engine
Exit out of there

Access your add/remove programs and remove old version of Java
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_11

Reboot your computer

Back in Windows
Come back here and post a fresh hijackthis log

Also
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log that opens please

mark_kauf · « **Reply #4 on:** July 10, 2007, 08:03:16 PM »

[quote name=\'guestolo\' post=\'354573\' date=\'Jul 10 2007, 05:27 PM\']I see entries in your hijackthis log, but the programs not installed
I also see entries in your hijackthis uninstall list, but the programs aren't running?

Can you do the following
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- McAfee Real-time Scanner

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Apply it

Do the same for the next ones also
McAfee SystemGuards
Webroot Spy Sweeper Engine
Exit out of there

Access your add/remove programs and remove old version of Java
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_11

Reboot your computer

Back in Windows
Come back here and post a fresh hijackthis log

Also
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log that opens please[/quote]

Hi,

I received the following error when trying to disable McAfee Real-time Scanner:
--unable to open service McShield for writing on local computer. Error 5 access is denied.

The service was not running. I was allowed to disable both other services.

New HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 8:36:31 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/link/main/vzcentral
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

COMBOFIX LOG

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\kaufmh\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm

((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))

2007-07-10 20:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 10:11 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
2007-07-10 10:11 <DIR> d-------- C:\Program Files\Agnitum
2007-07-09 14:02 <DIR> d-------- C:\DOCUME~1\kaufmh\APPLIC~1\Comodo
2007-07-09 14:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-09 10:09 <DIR> d-------- C:\HJT
2007-07-09 09:30 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-07-07 19:39 <DIR> d-------- C:\Program Files\CCleaner
2007-07-07 16:52 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-07-06 20:35 <DIR> d-------- C:\DOCUME~1\kaufmh\APPLIC~1\Uniblue
2007-07-06 20:29 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-06 16:17 40,960 --a------ C:\WINDOWS\system32\gbtgmt.dll
2007-07-06 16:17 28,672 --a------ C:\WINDOWS\system32\UninstGMT.dll
2007-07-06 16:17 <DIR> d-------- C:\WINDOWS\system32\gmtdriver200
2007-07-06 16:16 28,672 --a------ C:\WINDOWS\system32\ungwum.dll
2007-07-06 16:10 <DIR> d-------- C:\RC
2007-07-05 20:57 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot(2)
2007-07-05 19:17 9,216 --a------ C:\WINDOWS\system32\avgwlntf(2).dll
2007-07-05 18:39 <DIR> d--hs---- C:\WINDOWS\CSC
2007-07-05 18:16 <DIR> d-------- C:\DOCUME~1\kaufmh\APPLIC~1\SoftwareDetectionScripts
2007-07-05 18:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\temp
2007-07-05 18:09 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-07-05 18:09 <DIR> d-------- C:\DOCUME~1\kaufmh\APPLIC~1\Webroot
2007-07-05 18:08 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2007-07-05 18:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-07-05 16:44 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-01 15:38 6,291,456 --a------ C:\DOCUME~1\kaufmh\ntuser.dat
2007-07-01 15:38 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-30 15:53 <DIR> d--h----- C:\WINDOWS\PIF
2007-06-30 15:47 <DIR> d-------- C:\DOCUME~1\kaufmh\APPLIC~1\Verizon
2007-06-30 15:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Verizon
2007-06-29 11:15 <DIR> d-------- C:\WINDOWS\system32\Lang

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-09 13:19:07 -------- d-----w C:\Program Files\Yahoo!
2007-07-07 14:29:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-07 01:40:39 -------- d-----w C:\DOCUME~1\kaufmh\APPLIC~1\Lavasoft
2007-07-06 21:18:40 -------- d-----w C:\Program Files\Gigabyte
2007-07-06 20:38:03 -------- d-----w C:\Program Files\VCOM
2007-07-06 19:49:04 -------- d-----w C:\Program Files\Verizon
2007-07-06 19:48:43 -------- d-----w C:\Program Files\Common Files\Motive
2007-07-05 22:08:54 -------- d-----w C:\Program Files\Windows NT
2007-05-22 21:42:41 -------- d-----w C:\DOCUME~1\kaufmh\APPLIC~1\DivX
2007-05-22 20:49:12 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-05-21 02:38:02 -------- d-----w C:\DOCUME~1\kaufmh\APPLIC~1\McAfee
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9527D42F-D666-11D3-B8DD-00600838CD5F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-09 09:30]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 15:20]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 15:12 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-03 01:46]
"PNAgent"="C:\Program Files\PhatNoise Music Manager\PNAgent.exe" [2003-09-24 02:03]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-07-09 09:30 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 20:45:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 20:47:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-10 20:47

guestolo · « **Reply #5 on:** July 10, 2007, 11:05:13 PM »

I think the biggest problem now is that you have/had a few security programs that didn't uninstall properly

Note: McAfee, are you able to follow the instructions posted here?
http://tools.mcafeehelp.com/doc.php?siteid...mp;docid=419397
For complete uninstallation
Editing the registry to remove some keys is not for everyone
Make a backup first

Note: I also need to know the following
You appeared to have Webroot's SpySweeper installed earlier, but it did not uninstall properly
If it is no longer installed, I suggest that you redownload the trial version,
Install it>>and then Uninstall it
Reboot afterwards

Note : AVG7, You appear to be using AVG7 Antivirus ONLY
Did you at one time try AVG7 plus Firewall? Your log indicates it
Are you now running just AVG free Anti-Virus software?

Note: I see Outpost firewall is running as should, can you verify it's running properly please

Note: Can you use Internet Explorer and manually visit Windows Updates and see if you can access the site properly
Accessed from TOOLS>>Windows Update
Use the Express scan and see if there are any high priorities
Let me know if you are able to do so

mark_kauf · « **Reply #6 on:** July 11, 2007, 01:25:13 PM »

[quote name=\'guestolo\' post=\'354656\' date=\'Jul 10 2007, 10:05 PM\']I think the biggest problem now is that you have/had a few security programs that didn't uninstall properly

Note: McAfee, are you able to follow the instructions posted here?
http://tools.mcafeehelp.com/doc.php?siteid...mp;docid=419397
For complete uninstallation
Editing the registry to remove some keys is not for everyone
Make a backup first

Note: I also need to know the following
You appeared to have Webroot's SpySweeper installed earlier, but it did not uninstall properly
If it is no longer installed, I suggest that you redownload the trial version,
Install it>>and then Uninstall it
Reboot afterwards

Note : AVG7, You appear to be using AVG7 Antivirus ONLY
Did you at one time try AVG7 plus Firewall? Your log indicates it
Are you now running just AVG free Anti-Virus software?

Note: I see Outpost firewall is running as should, can you verify it's running properly please

Note: Can you use Internet Explorer and manually visit Windows Updates and see if you can access the site properly
Accessed from TOOLS>>Windows Update
Use the Express scan and see if there are any high priorities
Let me know if you are able to do so[/quote]

Hi,

Thanks for all of your help so far.

I was able to remove McAfee and Spysweeper.

I am currently running AVG7 Anti-virus with Outpost as my Firewall. I believe I tried AVG firewall but had some issues getting it to work probably so I switched to Outpost.

I was not able to connect to the Windows Update site through Internet Explorer, the page refused to load.

Last night I ran a spyware scan that came with Outpost and it found a Trojan named BZUB. I had the program remove it.

guestolo · « **Reply #7 on:** July 11, 2007, 06:38:00 PM »

Let's try the following
As mentioned, I thought you had AVG + Firewall installed
and it doesn't look like it completely got removed

This could cause conflicts with Outpost firewall and slow your system

Can you do the following

Go to this link
http://www.grisoft.com/doc/51/us/crp/0/num/177#faq_264
Take note of faq #264
How to un-install AVG Plus Firewall

Download the installer and choose the Uninstall option
Ensure that you reboot the computer after you are done

Afterwards
IF you were running the free edition of AVG AV
You can redownload it from this location
http://free.grisoft.com/doc/download-free-...-virus/us/frt/0

Install and update and run a complete system scan afterwards
Reboot again

Back in Windows
Do a "System scan only" with Hijackthis and put a check next to these entries:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

Optionally, tick the next ones too, they do not need to run on startup, this is up to you

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Quote

Speeds up the time it takes to load the Adobe_Reader
Your choice but not required for Adobe Reader to function properly

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Quote

Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog and some users claim there's no difference with or without it but it usually isn't required - Note: if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show.

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer again

Back in Windows

Use Internet Explorer and try visiting Windows Updates again
Any luck?
Give it time to load and install the Genuine advantage if prompted

Also come back here and post a fresh hijackthis log

mark_kauf · « **Reply #8 on:** July 12, 2007, 01:09:03 PM »

[quote name=\'guestolo\' post=\'355167\' date=\'Jul 11 2007, 05:38 PM\']Let's try the following
As mentioned, I thought you had AVG + Firewall installed
and it doesn't look like it completely got removed

This could cause conflicts with Outpost firewall and slow your system

Can you do the following

Go to this link
http://www.grisoft.com/doc/51/us/crp/0/num/177#faq_264
Take note of faq #264
How to un-install AVG Plus Firewall

Download the installer and choose the Uninstall option
Ensure that you reboot the computer after you are done

Afterwards
IF you were running the free edition of AVG AV
You can redownload it from this location
http://free.grisoft.com/doc/download-free-...-virus/us/frt/0

Install and update and run a complete system scan afterwards
Reboot again

Back in Windows
Do a "System scan only" with Hijackthis and put a check next to these entries:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

Optionally, tick the next ones too, they do not need to run on startup, this is up to you

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer again

Back in Windows

Use Internet Explorer and try visiting Windows Updates again
Any luck?
Give it time to load and install the Genuine advantage if prompted

Also come back here and post a fresh hijackthis log[/quote]

Hi,

I uninstalled and reinstatlled as per your instructions. I still am unable to access Windows Update through Internet Explorer.

New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:05:15 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/link/main/vzcentral
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Thanks again!!

guestolo · « **Reply #9 on:** July 12, 2007, 07:19:09 PM »

Do a "System scan only" with Hijackthis and put a check next to these entries:

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Can you ensure that in the Windows Control Panel that Automatic updates is set properly and not disabled
Let me know if that helps
If not, can you give me any error messages you receive when you visit Windows updates

mark_kauf · « **Reply #10 on:** July 12, 2007, 09:50:09 PM »

[quote name=\'guestolo\' post=\'355851\' date=\'Jul 12 2007, 06:19 PM\']Do a "System scan only" with Hijackthis and put a check next to these entries:

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Can you ensure that in the Windows Control Panel that Automatic updates is set properly and not disabled
Let me know if that helps
If not, can you give me any error messages you receive when you visit Windows updates[/quote]

Hi,

When I tried to access Window's Security Center it took about 10min for the screen to finally populate. Once it did I was able to turn on automatic updates. When I tried to visit the website it took Explorer about 5 min to load the page, when it was finished I tried both Express and Custom updates but was unsuccessful. I tried to refresh the page and also cleared my cache. I received the following error:

The website has encountered a problem and cannot display the page you are trying to view. Take the following steps to try solving the problem:

Refresh the page.
In Internet Explorer, delete your Temporary Internet Files by going to the Tools menu and clicking Internet Options.
Close and then re-open Internet Explorer.

Thanks again!

guestolo · « **Reply #11 on:** July 12, 2007, 09:56:26 PM »

Can you try disabling your Firewall temporarily, visit Windows Updates
Does that help?

mark_kauf · « **Reply #12 on:** July 14, 2007, 12:39:22 AM »

[quote name=\'guestolo\' post=\'355931\' date=\'Jul 12 2007, 08:56 PM\']Can you try disabling your Firewall temporarily, visit Windows Updates
Does that help?[/quote]

Hi,

No luck, it still won't connect.

guestolo · « **Reply #13 on:** July 14, 2007, 09:10:26 PM »

Try this
Download Dial-a-fix v0.60.0.24
From this link
http://djlizard.net.nyud.net:8080/software...-v0.60.0.24.zip
Or this link
http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip
Extract the contents to it's own folder on your desktop

Open the new folder and double click on Dial-a-Fix.exe
In the main Windows put a tick in
Fix Windows Update
Also, put tick in
Empty temp folders

Close down all browser windows, including this one
Then click GO in Dial A fix
Follow the prompts and allow it to finish
Reboot your computer

See if that helps

mark_kauf · « **Reply #14 on:** July 17, 2007, 05:27:34 PM »

[quote name=\'guestolo\' post=\'357196\' date=\'Jul 14 2007, 08:10 PM\']Try this
Download Dial-a-fix v0.60.0.24
From this link
http://djlizard.net.nyud.net:8080/software...-v0.60.0.24.zip
Or this link
http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip
Extract the contents to it's own folder on your desktop

Open the new folder and double click on Dial-a-Fix.exe
In the main Windows put a tick in
Fix Windows Update
Also, put tick in
Empty temp folders

Close down all browser windows, including this one
Then click GO in Dial A fix
Follow the prompts and allow it to finish
Reboot your computer

See if that helps[/quote]

Hi,

I ran the program but it came back with an error:
Error during registration of C:\WINDOWS\system32\wuaueng.dll - version: 7.0.6000.374. The error returned is: The specified service has been marked for deletion.
(-2147023824)

I tried to connect to windows update but it would not work.

guestolo · « **Reply #15 on:** July 17, 2007, 05:36:12 PM »

Can you try Exactly the same steps with Dial-a-Fix but do it in Safe mode
Save the instructions to a text file or Print them out
I seen another user have this problem and that solved the problem

mark_kauf · « **Reply #16 on:** July 18, 2007, 11:14:35 AM »

[quote name=\'guestolo\' post=\'358704\' date=\'Jul 17 2007, 04:36 PM\']Can you try Exactly the same steps with Dial-a-Fix but do it in Safe mode
Save the instructions to a text file or Print them out
I seen another user have this problem and that solved the problem[/quote]

Hi,

I was able to run the program in safe mode without any errors. When I started back up though I was still unable to connect to Windows Updates.

Mark

guestolo · « **Reply #17 on:** July 18, 2007, 07:54:37 PM »

Quote

When I started back up though I was still unable to connect to Windows Updates.

Is it the same error message?

If you open Auto updates in Control panel it should be set to Automatic

Also, WGA was corrupt earlier
Can you visit and validate your copy again, allow the ActiveX control to install
http://www.microsoft.com/genuine/
See if that helps

TheTechGuide Forum

News:

Author Topic: Possible Virus?? (Read 1090 times)

mark_kauf

Possible Virus??

guestolo

Possible Virus??

mark_kauf

Possible Virus??

guestolo

Possible Virus??

mark_kauf

Possible Virus??

guestolo

Possible Virus??

mark_kauf

Possible Virus??

guestolo

Possible Virus??

mark_kauf

Possible Virus??

guestolo

Possible Virus??

mark_kauf

Possible Virus??

guestolo

Possible Virus??

mark_kauf

Possible Virus??

guestolo

Possible Virus??

mark_kauf

Possible Virus??

guestolo

Possible Virus??

mark_kauf

Possible Virus??

guestolo

Possible Virus??