Karl`s PC Help Forums

Kernel32x.SYS, SysFader, Issas.exe
SoeMyatThu - 18-5-2008 at 04:36

1. Computer Info:
HP Media Center PC m7250n, 820 Intel Pentium D Processor 2.80 GHz, 1.0 GB memory, 250GB hard drive, Windows XP Professional

2. Problems:

(1) Your system is unstable (Kernel32x.SYS)

(2) Application Fatal Error (SysFader: IE7EXPLORER.EXE)

(3) System Shutdown (Issas.exe)
When this message came, the computer shut down almost immediately.

(4) Windows Security Center (Security Essentials)

3. The computer has been able to have access to the Internet since 17 MAY 08 SAT morning. (It did not have access to the Internet from 13 MAY 08 TUE to 16 MAY 08 FRI.)

4. The HijackThis log is hereby attached.


SoeMyatThu - 18-5-2008 at 05:28



I am not sure whether I need to post the HijackThis log as an attachment. If I should not attach it, here is the log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:28 PM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSarservice.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32svchost.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSExplorer.EXE
c:PROGRA~1mcafee.comagentmcagent.exe
C:Program FilesMcAfeeMPSmpsevh.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:WINDOWSeHomeehmsas.exe
C:program filescommon filesinstallshieldupdateserviceissch.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
c:PROGRA~1mcafeemscmcshell.exe
C:HPKBDKBD.EXE
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
c:windowssystemhpsysdrv.exe
C:Program FilesJavajre1.5.0binjusched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - A68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O2 - BHO: (no name) - @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - 8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - @59F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - AJ - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [ISUSScheduler] "c:program filescommon filesinstallshieldupdateserviceissch.exe" -start
O4 - HKLM..Run: [mcinfo_1209839008] C:DOCUME~1HP_ADM~1LOCALS~1Tempmcinfo_1209839008.exe /insfin
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: vwsstemb - C:WINDOWSSYSTEM32vwsstemb.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcBITS (mnmsrvcBITS) - Unknown owner - C:WINDOWSsystem321031u.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12922 bytes


hawklord - 18-5-2008 at 08:33

hi,

please download and install this, it's a temporary file cleaner

http://files1.majorgeeks.com/files/d6b5b6924f7f8118104cd3e3921deeac/drives/ccsetup207_slim.exe

leave all settings at default,

update mcafee, ad-aware, defender,

now restart your computer into safe mode, to do this -

shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message.
To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter.
The computer then begins to start in Safe mode.
Login on your usual account.

now run mcafee, adaware and defender,
clean anything they find,

open ccleaner
Select the following:
Check everything under the Internet Explorer section.
Check everything under the Windows Explorer section.
Check everything under the System section.
Check ONLY Old Prefetch data under the Advanced section.
Then, click the Applications tab:
UNCHECK everything there.
Next, click the Options button, then click the Advanced button:
UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
Click on the analyze button
Wait for the scan to finish
Click on the run cleaner button
Reboot into normal windows

CAUTION Please do NOT use the Issues button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

post a fresh hijackthis log


SoeMyatThu - 18-5-2008 at 14:39


1.1 "Windows Security Center" is my No.1 Startup now! Every time I start the computer, this screen splashes!

1.2 The System Shutdown (Isass.exe) appears approximately every two hours and shuts down the computer.

1.3 The other two -- "Your system is unstable" (Kernel32x.SYS) and "SysFader: IE7EXPLORER.EXE" (Application Fatal Error) appear at least once in between the System Shutdowns.


2.1 I could not run McAfee in safe mode.

2.2 I started to run Ad-Aware 2007 in safe mode at about 7:36 am. It took 01:07:00 hours to finish it.

2.3 I started to run Windows Defender at 7:45 am. The System Shutdown happened at about 8:40 am.

2.4 I started Windows Defender again at 8:45 am.

2.5 The System Shutdown happened again at 9:56 am.

2.6 I started CCleaner and it did not take long to finish it. It finished at 10:12 AM.

3. In normal mode, I ran HijackThis.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:04 AM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSarservice.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
C:WINDOWSExplorer.EXE
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSehomeehtray.exe
C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:program filescommon filesinstallshieldupdateserviceissch.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:PROGRA~1McAfeeMPSmps.exe
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
c:PROGRA~1mcafeeVIRUSS~1mcvsshld.exe
C:Program FilesMcAfeeMPSmpsevh.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSeHomeehmsas.exe
C:PROGRA~1McAfeeMSCmcupdmgr.exe
C:WINDOWSsystem32wuauclt.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - A68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O2 - BHO: (no name) - @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - 8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - @59F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - AJ - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [ISUSScheduler] "c:program filescommon filesinstallshieldupdateserviceissch.exe" -start
O4 - HKLM..Run: [mcinfo_1209839008] C:DOCUME~1HP_ADM~1LOCALS~1Tempmcinfo_1209839008.exe /insfin
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: vwsstemb - C:WINDOWSSYSTEM32vwsstemb.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcBITS (mnmsrvcBITS) - Unknown owner - C:WINDOWSsystem321031u.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12833 bytes

4. I will try to run McAfee and Windows Defender again later.


hawklord - 18-5-2008 at 19:43

hi,

download this to your desktop

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

boot your computer into Safe Mode by doing the following:


shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message.
To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter.
The computer then begins to start in Safe mode.
Login on your usual account.

double-click on the SmitFraudfix icon that is on your desktop


When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.


Press the number 2 on your keyboard and then enter to choose the option Clean (safe mode recommended).


The program will start cleaning your computer and go through a series of cleanup processes.
When it is done, it will automatically start the Disk Cleanup program
This program will remove all Temp, Temporary Internet Files and other files that may be leftover files from this infection.
This process can take up to a few hours depending on your computer, so please be patient.
When it is complete, it will close automatically and you should continue with the next step


When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n).
At this screen you should press the Y button on your keyboard and then press enter.



When this last routine is finished, you will be presented with a red screen stating that your Computer will reboot now.
Close all applications.
You should now press the spacebar on your computer.
A counter will appear stating that the computer will reboot in 15 seconds.
Do not cancel this countdown and allow your computer to reboot.

Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer.
click on file, at the top, then 'save as' and save to your desktop, close the Notepad screen.
this may be needed later.

post a fresh hijackthis log


SoeMyatThu - 19-5-2008 at 23:21


====

I did according to your instruction. When the time came for the log of HijackThis, it was not responding. So I cannot send you the log. I will be waiting for a while, and if it stays unresponsive, I will have to force-quit it.

-


SoeMyatThu - 20-5-2008 at 07:25


=====xxxoxxx=====

As I said earlier, the HijackThis log was unresponsive and I had to force-quit it.

I hereby reproduce the SmitFraudFix notepad log, in case it is useful in the analysis of the problem.

SmitFraudFix v2.320

Scan done at 18:14:47.21, Mon 05/19/2008
Run from C:SmartFraudFixSmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost
127.0.0.1 multitrader.info
127.0.0.1 reggame.biz
127.0.0.1 tele-globus.biz
127.0.0.1 newasp.com.cn
127.0.0.1 mygolddinar.com
127.0.0.1 xfatum.com
127.0.0.1 think-adz2.com
127.0.0.1 daoway.biz
127.0.0.1 school-172.info
127.0.0.1 http://test.just.f1del.net/limbo/mail.php
127.0.0.1 lem0n.info
127.0.0.1 fuckingwhitehats.com
127.0.0.1 supra-hosting.info
127.0.0.1 i-nt-e-r-n-e-t.com

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


DNS

HKLMSYSTEMCCSServicesTcpip..{951AA5C4-F624-4561-9AAC-F1BD128EE45F}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLMSYSTEMCS1ServicesTcpip..{951AA5C4-F624-4561-9AAC-F1BD128EE45F}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLMSYSTEMCS3ServicesTcpip..{951AA5C4-F624-4561-9AAC-F1BD128EE45F}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLMSYSTEMCS3ServicesTcpipParameters: DhcpNameServer=68.87.74.162 68.87.68.162


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End


SoeMyatThu - 20-5-2008 at 08:03

I tried once again running SmitFraudFix. Again, HijackThis was unresponsive.


SoeMyatThu - 20-5-2008 at 08:30

1. The No. 3 Problem (System Shutdown) is one of the worst problems.

The full message is:

System Shutdown
This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. The shutdown was initiated by DALLIANHP_Administrator.

The shutdown 00:0016

Critical system error. Process: Isass.exe, module: kernel321.dll at address 0X78221981. Instruction is referenced memory at 0x00000000. Null pointer exception.

===

"The shutdown 00:00:16" is not the exact message. I did not copy it quickly enough. 00:00:16 is 16 seconds (hour:minute:second). 50 or 60 seconds was given, and it counts down to 1. Then the system shuts down.

I am not sure whether it is Isass (capital I) or lsass (small L).


2. Another error message:

Explorer.EXE - Application Error
The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug the program
[OK] [Cancel]

3. Internet Explorer and Firefox cannot access the Internet.

4. Fortunately, Safari can access the Internet.


hawklord - 20-5-2008 at 08:36

hi,

how do you mean hijackthis is unresponsive ?

can you navigate to here

C:\Program Files\Trend Micro\HijackThis

and double click on the icon that's in the picture below, let me know what happens


hawklord - 20-5-2008 at 12:53

also, can you

open 'control panel'
double click on 'system'
click on the 'advanced' tab
under the start up and recovery section, click on 'settings'
under the system failure section, untick 'automatically restart'
click on all the ok's

the next time your system tries to shut down, it may go to a blue screen (b.s.o.d), please write the shutdown error and post it,

also can you download, install, update and run this, it's avg anti-spyware

http://files1.majorgeeks.com/files/77d2afcb31f6493e350fca61764efb9a/spyware/avgas-setup-7.5.1.43-3339.exe


SoeMyatThu - 20-5-2008 at 21:03

[quote][i]Originally posted by hawklord[/i]
hi,

how do you mean hijackthis is unresponsive ?

can you navigate to here

C:\Program Files\Trend Micro\HijackThis

and double click on the icon that's in the picture below, let me know what happens [/quote]

==xx==

Yes, I can navigate to C:\Program Files\Trend Micro\HijackThis

I ran HijackThis. It was launched. I could see 23 lines. At this point, HijackThis froze. It said:
Trend Micro HijackThis - v2.0.2 (Not Responding)

I could not see lines below the 23rd line.


SoeMyatThu - 21-5-2008 at 02:08

[quote][i]Originally posted by hawklord[/i]
also, can you

open 'control panel'
double click on 'system'
click on the 'advanced' tab
under the start up and recovery section, click on 'settings'
under the system failure section, untick 'automatically restart'
click on all the ok's

the next time your system tries to shut down, it may go to a blue screen (b.s.o.d), please write the shutdown error and post it,

also can you download, install, update and run this, it's avg anti-spyware

http://files1.majorgeeks.com/files/77d2afcb31f6493e350fca61764efb9a/spyware/avgas-setup-7.5.1.43-3339.exe [/quote]

===XOX===

I unticked 'automatically restart'

Now, when the 'System Shutdown' appeared, the whole system did not shut down; only the applications being launched shut down.

I ran AVG Anti-spyware.

PROGRESS
Scanned objects: 873,751
Skipped objects: 0
Infected objects: 66
Scan started at 5/20/2006 6:47:24 pm
Elapsed time: 3h 09 m 13 sec
Currently ??? [I could not read my handwriting!!!]
C:WINOWSsystems321031u.exe

The scanning was stuck at C:WINOWSsystems321031u.exe
It could not go on. The meter showed that it was only half-way.

Then the 'System Shutdown' message appeared, and the AVG Anti-spyware quit.

An on-screen message appeared, asking whether I wanted to quit Safari. I clicked No. And surprisingly Safari stays on. And I can write this posting.

How should I proceed? What is C:WINOWSsystems321031u.exe?


SoeMyatThu - 21-5-2008 at 06:24

I have not been successful in running AVG Anti-Spyware ('System Shutdown' interrupted it).

HijackThis is working this time:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:15 AM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesAlwil SoftwareAvast4setupavast.setup
c:PROGRA~1mcafee.comagentmcagent.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesMcAfeeMPSmpsevh.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSexplorer.exe
C:HPKBDKBD.EXE
c:windowssystemhpsysdrv.exe
C:Program FilesJavajre1.5.0binjusched.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - A68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:Program FilesSpywareGuarddlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O2 - BHO: (no name) - @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - 8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - @59F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - AJ - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:program filesaolaim toolbar 5.0resourcesen-USlocalsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: vwsstemb - C:WINDOWSSYSTEM32vwsstemb.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Microsoft DDE+ server (4e1945fb) - Unknown owner - C:WINDOWSsystem32.4e1945fb4e1945fb.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcBITS (mnmsrvcBITS) - Unknown owner - C:WINDOWSsystem321031u.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 14134 bytes
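
An added example, not part of the original thread and not code from HijackThis or its authors: a short Python triage pass over HijackThis-style log lines that pulls out the entries the log itself marks as "(file missing)", "(no file)" or "Unknown owner", BHO lines whose CLSID is not a well-formed GUID, and any ProxyServer value in an R-entry. The sample log is constructed (placeholder names, a documentation-range IP, backslashes written out), and the function names are assumptions of this example.

```python
import re

# Constructed sample in the HijackThis v2 line layout ("CODE - details").
# All names, GUIDs and the 192.0.2.10 address are placeholders.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.2.10:80
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - 2222-3333-4444-555555555555} - (no file)
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O21 - SSODL: example - {99999999-8888-7777-6666-555555555555} - C:\WINDOWS\system32\example.dll (file missing)
O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\upd.exe
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\WINDOWS\system32\example.exe (file missing)
"""

# An entry line starts with a section code such as R1, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A CLSID as HijackThis prints it: a braced 8-4-4-4-12 hex GUID.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)")


def parse_entries(text):
    """Return (code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(text):
    """Return (code, body, reasons) for entries that deserve a manual look."""
    findings = []
    for code, body in parse_entries(text):
        reasons = []
        if code.startswith("R"):
            proxy = PROXY_RE.search(body)
            if proxy:
                # A proxy the user did not configure redirects browser traffic.
                reasons.append("proxy set to " + proxy.group(1))
        if body.endswith("(file missing)"):
            # The registry still references a file that is gone from disk.
            reasons.append("target file missing")
        if code == "O2":
            if body.endswith("(no file)"):
                reasons.append("BHO has no file")
            if not GUID_RE.search(body):
                reasons.append("BHO CLSID malformed")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service owner unknown")
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:>3}  {'; '.join(reasons)}")
        print(f"     {body}")
```

A flagged line is a prompt to check the entry by hand, not a verdict; leftovers from an already-removed program produce the same markers.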


SoeMyatThu - 21-5-2008 at 18:41

With Windows in NORMAL MODE, I ran AVG Anti-spyware 7.5. When I ran it for Complete System Scan, it used to be interrupted by that 'System Shutdown'. So I ran it first for Registry Scan. Then for Memory Scan. Then for Fast System Scan.

With Windows in NORMAL MODE, I ran Avast 4.8 Home Edition. When I ran it for Thorough Scan, it used to be interrupted by that 'System Shutdown'. So I ran it for Quick Scan.

Then I ran HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:45 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ctfmon.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSehomeehtray.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesMcAfeeMPSmpsevh.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:WINDOWSSystem32svchost.exe
C:HPKBDKBD.EXE
c:windowssystemhpsysdrv.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
C:Program FilesJavajre1.5.0binjusched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WINDOWSexplorer.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - A68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:Program FilesSpywareGuarddlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O2 - BHO: (no name) - @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - 8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - @59F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - AJ - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:program filesaolaim toolbar 5.0resourcesen-USlocalsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: vwsstemb - C:WINDOWSSYSTEM32vwsstemb.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Microsoft DDE+ server (4e1945fb) - Unknown owner - C:WINDOWSsystem32.4e1945fb4e1945fb.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcBITS (mnmsrvcBITS) - Unknown owner - C:WINDOWSsystem321031u.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 14219 bytes


hawklord - 21-5-2008 at 20:07

how many anti-virus do you have ? i can see 2,
please uninstall one completely,
having 2 or more active anti-virus programs can cause more problems than it seems to fix,

next open hijackthis and click on do a system scan only
then place a check in the box relevant to these lines,

O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - A68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)

close all browser windows (including this one) and click on fix checked, ok the prompts,

post a fresh hijackthis log


SoeMyatThu - 21-5-2008 at 20:09

Internet Explorer 7

As Internet Explorer cannot access the Internet, I am unable to do Windows Update using my friend's computer. How can I make Internet Explorer access the Internet?


SoeMyatThu - 21-5-2008 at 21:05

[quote][i]Originally posted by hawklord[/i]
how many anti-virus do you have ? i can see 2,
please uninstall one completely,
having 2 or more active anti-virus programs can cause more problems than it seems to fix,

next open hijackthis and click on [b]do a system scan only[/b]
then place a check in the box relevant to these lines,

O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - A68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)

close all browser windows (including this one) and click on [b]fix checked[/b], ok the prompts,

post a fresh hijackthis log [/quote]

==xxoxx==

I uninstalled Avast 4.8 Home Edition and Avira AntiVir. I retain McAfee Internet Security (which includes McAfee VirusScan).

Here is a fresh HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:02 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMPFSrv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1McAfeeMPSmps.exe
C:Program FilesMcAfeeMPSmpsevh.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:HPKBDKBD.EXE
c:windowssystemhpsysdrv.exe
C:Program FilesJavajre1.5.0binjusched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSsystem32taskmgr.exe
C:WINDOWSexplorer.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WINDOWSsystem32drwtsn32.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:Program FilesSpywareGuarddlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O2 - BHO: (no name) - @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - 8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - @59F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - AJ - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:program filesaolaim toolbar 5.0resourcesen-USlocalsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: vwsstemb - C:WINDOWSSYSTEM32vwsstemb.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Microsoft DDE+ server (4e1945fb) - Unknown owner - C:WINDOWSsystem32.4e1945fb4e1945fb.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcBITS (mnmsrvcBITS) - Unknown owner - C:WINDOWSsystem321031u.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12893 bytes


SoeMyatThu - 21-5-2008 at 21:09

Dear hawklord,

I found out that Internet Explorer and Firefox can access the Internet now. Thank you very much.


SoeMyatThu - 21-5-2008 at 22:20

==

I forgot to mention another error message:

Explorer.exe - Application Error
The instruction at "0x1001034b" referenced memory at "0x00000004". The memory



Here is a list of persistent problematic onscreen messages:



(1) Your system is unstable ( Kernel32x.SYS)

(2) Application Fatal Error (SysFader: IE7EXPLORER.EXE)

(3) System Shutdown (Issas.exe)
When this message came, the computer shut down almost immediately.

(4) Windows Security Center (Security Essentials)

(5) Explorer.EXE - Application Error
The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug the program
[OK] [Cancel]

(6) Explorer.exe - Application Error
The instruction at "0x1001034b" referenced memory at "0x00000004". The memory could not be "read".
Click on OK to terminate the program.
[OK]

==


SoeMyatThu - 21-5-2008 at 22:22

==

I forgot to mention another error message:

Explorer.exe - Application Error
The instruction at "0x1001034b" referenced memory at "0x00000004". The memory could not be "read".
Click on OK to terminate the program.
[OK]



Here is a list of persistent problematic onscreen messages:



(1) Your system is unstable ( Kernel32x.SYS)

(2) Application Fatal Error (SysFader: IE7EXPLORER.EXE)

(3) System Shutdown (Issas.exe)
When this message came, the computer shut down almost immediately.

(4) Windows Security Center (Security Essentials)

(5) Explorer.EXE - Application Error
The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug the program
[OK] [Cancel]

(6) Explorer.exe - Application Error
The instruction at "0x1001034b" referenced memory at "0x00000004". The memory could not be "read".
Click on OK to terminate the program.
[OK]


==


SoeMyatThu - 22-5-2008 at 03:37

[quote][i]Originally posted by SoeMyatThu[/i]
==

I forgot to mention another error message:

Explorer.exe - Application Error
The instruction at "0x1001034b" referenced memory at "0x00000004". The memory could not be "read".
Click on OK to terminate the program.
[OK]



Here is a list of persistent problematic onscreen messages:



(1) Your system is unstable ( Kernel32x.SYS)

(2) Application Fatal Error (SysFader: IE7EXPLORER.EXE)

(3) System Shutdown (Issas.exe)
When this message came, the computer shut down almost immediately.

(4) Windows Security Center (Security Essentials)

(5) Explorer.EXE - Application Error
The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug the program
[OK] [Cancel]

(6) Explorer.exe - Application Error
The instruction at "0x1001034b" referenced memory at "0x00000004". The memory could not be "read".
Click on OK to terminate the program.
[OK]


== [/quote]

When I ran AIM, I got the following error message:

(7) aim6.exe - Application error
The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program

==


hawklord - 22-5-2008 at 12:58

hi,

please download this to your desktop

http://download1us.softpedia.com/dl/8948e954d9d30dec2f75c6b6e6f303bb/48356c4c/100048738/software/antivirus/avgarkt-setup-1.1.0.42.exe

install using the default settings
when installation is complete you will be prompted to restart your pc - allow this,
double click on the shortcut on your desktop,
choose the search for rootkits button,
let me know if any were found


SoeMyatThu - 22-5-2008 at 16:20

[quote][i]Originally posted by hawklord[/i]
hi,

please download this to your desktop

http://download1us.softpedia.com/dl/8948e954d9d30dec2f75c6b6e6f303bb/48356c4c/100048738/software/antivirus/avgarkt-setup-1.1.0.42.exe

install using the default settings
when installation is complete you will be prompted to restart your pc - allow this,
double click on the shortcut on your desktop,
choose the [b]search for rootkits[/b] button,
let me know if any were found [/quote]

==xxoxx==

AVG Anti-Toolkit did not detect any problem.
I did both "Search for Rootkits" and "Search In-Depth".

The HijackThis log is here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:41 AM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:Program FilesMcAfeeMPSmpsevh.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
c:PROGRA~1mcafeemscmcuimgr.exe
C:WINDOWSexplorer.exe
C:HPKBDKBD.EXE
C:Program FilesSafariSafari.exe
c:windowssystemhpsysdrv.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:Program FilesJavajre1.5.0binjusched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:Program FilesSpywareGuarddlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O2 - BHO: (no name) - @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - 8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - @59F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - AJ - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:program filesaolaim toolbar 5.0resourcesen-USlocalsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: vwsstemb - C:WINDOWSSYSTEM32vwsstemb.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Microsoft DDE+ server (4e1945fb) - Unknown owner - C:WINDOWSsystem32.4e1945fb4e1945fb.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcBITS (mnmsrvcBITS) - Unknown owner - C:WINDOWSsystem321031u.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12857 bytes

==


hawklord - 22-5-2008 at 19:33

hi,

you may want to print these instructions or save to notepad on your desktop, as you may need them for reference

please uninstall avg anti-rootkit, as it is no longer needed,

then open hijackthis and click on do a system scan only
tick the boxes relevant to these lines

O2 - BHO: (no name) - @49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - 8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - @59F4A-B191-42d7-905A-594F8CF0387B} - (no file)
O2 - BHO: (no name) - AJ - (no file)
O20 - Winlogon Notify: vwsstemb - C:WINDOWSSYSTEM32vwsstemb.dll
O23 - Service: Microsoft DDE+ server (4e1945fb) - Unknown owner - C:WINDOWSsystem32.4e1945fb4e1945fb.exe (file missing)

close all browser windows, including this one

then click on fix checked

please reboot into safe mode, to do this

shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message.
To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter.
The computer then begins to start in Safe mode.
Login on your usual account.

we need to view all the files and folders on your pc and known file extensions, to do this

click Start
open My Computer
select the Tools menu and click Folder Options
select the View Tab
uncheck the Hide extensions for known file types option
under the Hidden files and folders heading select Show hidden files and folders
uncheck the Hide protected operating system files (recommended) option
click Yes to confirm
click OK

then can you navigate to this location

C:\WINDOWS\SYSTEM32 and find and delete

vwsstemb.dll
.4e1945fb

then exit to your desktop and empty your recycle bin
reboot into normal mode and post a fresh hijackthis log


SoeMyatThu - 22-5-2008 at 23:08

1. I was successful in deleting the .4e1945fb folder.

2. I was not successful in deleting the vwsstemb.dll file.

An onscreen message appeared:

==

Error Deleting File or Folder

Cannot delete vwsstemb:
Access is denied.
Make sure the disk is not full or write-protected and that the file is not currently in use.

==

The HijackThis log is hereunder:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:40 PM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSehomeehtray.exe
C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesMcAfeeMPSmpsevh.exe
c:PROGRA~1mcafee.comagentmcagent.exe
c:PROGRA~1mcafeeVIRUSS~1mcvsshld.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WINDOWSexplorer.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:Program FilesSpywareGuarddlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [OASClnt] C:Program FilesMcAfee.comVSOoasclnt.exe
O4 - HKLM..Run: [MSKDetectorExe] C:Program FilesMcAfeeSpamKillerMSKDetct.exe /uninstall
O4 - HKLM..Run: [MSKAGENTEXE] C:PROGRA~1McAfeeSPAMKI~1MskAgent.exe
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:program filesaolaim toolbar 5.0resourcesen-USlocalsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: vwsstemb - C:WINDOWSSYSTEM32vwsstemb.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Microsoft DDE+ server (4e1945fb) - Unknown owner - C:WINDOWSsystem32.4e1945fb4e1945fb.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:PROGRA~1COMMON~1AOLAOLSPY~1\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcBITS (mnmsrvcBITS) - Unknown owner - C:WINDOWSsystem321031u.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12817 bytes

==


hawklord - 22-5-2008 at 23:26

hi,

open hijackthis and click on the open the misc tools section button
then click on the delete a file on reboot... button

in the window that opens, use the 'look in' drop down box and navigate to the entry in bold text

C:\WINDOWS\SYSTEM32\vwsstemb.dll

highlight it in the main window and click 'open'

you will see a window similar to the picture i have posted
click on yes

when your pc restarts empty your recycle bin, update and run your scans and post a fresh log
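
One way to check a fresh log against the previous scan after a fix, as an added example that is not part of hawklord's post or of HijackThis itself. The names `parse_log`, `review_reasons` and `compare_scans` are made up for this example, and the three review rules are assumptions modelled on the kinds of entries ticked in this thread; they are triage hints, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed samples: a few lines copied from this thread's logs as they
# appear on the page (the page text has lost the path separators).
BEFORE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:WINDOWSsystem32winlogon.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O20 - Winlogon Notify: vwsstemb - C:WINDOWSSYSTEM32vwsstemb.dll
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Microsoft DDE+ server (4e1945fb) - Unknown owner - C:WINDOWSsystem32.4e1945fb4e1945fb.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
"""

# Same scan after the delete-on-reboot step: the O20 line is no longer listed.
AFTER_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:WINDOWSsystem32winlogon.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Microsoft DDE+ server (4e1945fb) - Unknown owner - C:WINDOWSsystem32.4e1945fb4e1945fb.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24),
# then " - ". Header and "Running processes" lines do not match.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    code: str
    body: str


def parse_log(text):
    """Return the section entries of a HijackThis log, in file order."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append(Entry(match["code"], match["body"]))
    return entries


def review_reasons(entry):
    """Reasons an entry deserves a manual look (assumed rules, see lead-in)."""
    reasons = []
    body = entry.body.lower()
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        reasons.append("target file missing")
    if entry.code == "O23" and " - unknown owner - " in body:
        reasons.append("service with unknown owner")
    if entry.code == "O20":
        reasons.append("Winlogon Notify DLL")
    return reasons


def compare_scans(before_text, after_text):
    """For each flagged entry of the earlier scan, report whether the
    later scan still lists it."""
    after = set(parse_log(after_text))
    report = []
    for entry in parse_log(before_text):
        reasons = review_reasons(entry)
        if reasons:
            status = "still present" if entry in after else "gone"
            report.append((entry.code, status, reasons))
    return report


if __name__ == "__main__":
    for code, status, reasons in compare_scans(BEFORE_LOG, AFTER_LOG):
        print(f"{code:4} {status:14} {', '.join(reasons)}")
```

An entry reported as "still present" after a fix means the registry or service reference survived even though the file is gone, so it needs another pass.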


SoeMyatThu - 23-5-2008 at 00:41

I did as you instructed. When the computer rebooted, the Recycle Bin did not contain anything. But the vwsstemb.dll no longer existed in the SYSTEM32 folder.

I found out that the 'Windows Security Center' (Problem Message #4) is no longer there as a startup. Thank you very much. I have not checked the other login accounts. On the computer, there are 4 login accounts.

The other problem messages are still there, especially Problem Message #5 (Explorer.exe - Application Error)

==
Here is a list of persistent problematic onscreen messages:


(1) Your system is unstable ( Kernel32x.SYS)

(2) Application Fatal Error (SysFader: IE7EXPLORER.EXE)

(3) System Shutdown (Issas.exe)
When this message came, the computer shut down almost immediately.

(4) Windows Security Center (Security Essentials) [No more a problem, I hope.]

(5) Explorer.EXE - Application Error
The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug the program
[OK] [Cancel]

(6) Explorer.exe - Application Error
The instruction at "0x1001034b" referenced memory at "0x00000004". The memory could not be "read".
Click on OK to terminate the program.
[OK]

(7) aim6.exe - Application error
The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program

==

Hereunder is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:55 PM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesMcAfeeMPSmpsevh.exe
c:PROGRA~1mcafeeVIRUSS~1mcvsshld.exe
C:WINDOWSehomeehtray.exe
C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSsystem32wuauclt.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WINDOWSexplorer.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:Program FilesSpywareGuarddlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [OASClnt] C:Program FilesMcAfee.comVSOoasclnt.exe
O4 - HKLM..Run: [MSKDetectorExe] C:Program FilesMcAfeeSpamKillerMSKDetct.exe /uninstall
O4 - HKLM..Run: [MSKAGENTEXE] C:PROGRA~1McAfeeSPAMKI~1MskAgent.exe
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:program filesaolaim toolbar 5.0resourcesen-USlocalsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Microsoft DDE+ server (4e1945fb) - Unknown owner - C:WINDOWSsystem32.4e1945fb4e1945fb.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:PROGRA~1COMMON~1AOLAOLSPY~1\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcBITS (mnmsrvcBITS) - Unknown owner - C:WINDOWSsystem321031u.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12749 bytes

==


SoeMyatThu - 23-5-2008 at 13:29

====

1. The problems having been solved so far:

1.1 The Internet Explorer, which could not access the Internet, can access it now.
1.2 The Firefox, which could not access the Internet, can access it now.
1.3 The 'Windows Security Center' (Problem Message #4), which was the first startup program, is gone.
1.4 The 'System Shutdown' (Problem Message #3) is gone.

Thank you very much for solving these problems.

2. The problems still persistent:

2.1 Whenever I start the computer, the first message that appears on the screen is the 'Explorer.EXE - Application Error' (Problem Message #5).

The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug the program
[OK] [Cancel]


2.1.1 When I click on CANCEL (thereby debugging the program), I get the following message:

==

DrWatson Postmortem Debugger

DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience.

If you were in the middle of something, the information you were working on might be lost.

Please tell Microsoft about this problem.

We have created an error report that you can send to help us improve DrWatson Postmortem Debugger. We will treat this report as confidential and anonymous.

To see what data this report contains, {click here.}

[Debug] [Send Error Report] [Don't Send]

==

2.1.2 When I click the {click here} above, I get this message:

==

DrWatson Postmortem Debugger

Error signature

Event Type: BEX P1:drwtsn32.exe P2: 5.1.2600.0 P3: 3b7d84a2
P4: dbghelp.dll P5: 5.1.2600.2180 P6: 4120969a P7: 1001295d
P8: c0000409 P9: 00000000


Reporting details:

This error report includes information regarding the condition of DrWatson Postmortem Debugger when the problem occurred, the operating system version and computer hardware in use, and the Internet protocol (IP) address of your computer.

We do not intentionally collect your name, address, email address or any other form of personally identifiable information. However, the error report may contain customer specific information in the collected data file. While this information could potentially be used to determine your identity, if present, it will not be used.

The data that we collect will only be used to fix the problem. If more information is available, we will tell you when you report the problem. This error report will be sent using a secure connection to a database with limited access and will not be used for marketing purposes.

To see technical information about the error report, {click here}

To see our data collection policy on the web, {click here}

==

2.1.3 When I click on the technical information about the error report, I get the following message:

==

Error Report Contents:
C:DOCUME~1HP_ADM~1|LOCALS~1TempWERb495.dir00drwtsn32.exe.mdmp
C:DOCUME~1HP_ADM~1|LOCALS~1TempWERb495.dir00appcompat.txt

==

2.1.4 When I click on the data collection policy on the web, I am brought to Microsoft Online Crash Analysis (http://oca.microsoft.com/en/dcp20.asp).

==

2.2 Whenever I start AIM, I got AIM.exe - Application Error (Problem Message #7):

The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program

2.2.1 When I click OK (terminating the program), it disappears.

2.2.2 When I click CANCEL (debugging the program), it remains, but nothing moves. Then it disappears.

====


hawklord - 24-5-2008 at 16:53

hi,

please can you navigate here

C:\Windows\Prefetch

and delete everything in the Prefetch folder (but not the folder itself)

i also need to know what services you have running,

please can you do this -

click on start > run
in the box that opens type services.msc and press enter
in the window that opens click on action then export list
in the next window -
save the file to your desktop
name the file 'services'
in the 'save as type' section, use the dropdown box and choose Text (Comma Delimited)(*.CSV)

reboot your pc and send the services file


SoeMyatThu - 24-5-2008 at 22:51

==xxoxx==


The services.csv file is in the attachment.


I did HijackThis in case of need.

==xxoxx==


SoeMyatThu - 25-5-2008 at 04:53

It seems that the following error messages have been solved.


(1) Your system is unstable ( Kernel32x.SYS)

(2) Application Fatal Error (SysFader: IE7EXPLORER.EXE)

I will wait for one or two more days, and then I will know it definitely.


hawklord - 26-5-2008 at 08:28

hi,

it may seem solved but i believe you are still infected,

please can you do this

start > run and type services.msc then press enter
locate

Microsoft DDE+ server
NetMeeting Remote Desktop Sharing mnmsrvcBITS

double click on the entry
in the window that opens, choose the general tab
next to service name please make a note of its name - this is important as it may be needed later
in the startup type drop down box, change it from automatic to disable
next to service status click on stop
click apply then ok

do this for both entries

remember to make a note of the service name

reboot your pc and post a fresh hijackthis log
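
The two services named in the post above are the O23 entries that the first HijackThis log lists with both "Unknown owner" and "(file missing)". The sketch below is an added example, not part of the thread or of HijackThis: it parses O23 lines copied from that log and ranks them by those two markers. The function names, the triage levels, and the rule that a line without a parenthesised name uses its display name as the service name are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the HijackThis log posted earlier in this thread
# (path separators were already lost in the forum copy).
SAMPLE_LOG = r"""
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Microsoft DDE+ server (4e1945fb) - Unknown owner - C:WINDOWSsystem32.4e1945fb4e1945fb.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:PROGRA~1COMMON~1AOLAOLSPY~1\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: NetMeeting Remote Desktop Sharing mnmsrvcBITS (mnmsrvcBITS) - Unknown owner - C:WINDOWSsystem321031u.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
"""

O23_PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# "Display name (ServiceName)". Assumption: when no parenthesised name is
# present (e.g. "Ati HotKey Poller"), the service name equals the display name.
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<name>[^()]+)\))?$")


@dataclass
class Service:
    display_name: str
    service_name: str
    owner: str
    path: str
    file_missing: bool

    @property
    def unknown_owner(self) -> bool:
        return self.owner.strip().lower() == "unknown owner"


def parse_o23(line: str) -> Optional[Service]:
    """Parse one 'O23 - Service:' line; return None for any other line."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    # Assumption: display name and owner contain no " - ", so the first two
    # separators delimit them; the path keeps any later " - ".
    parts = line[len(O23_PREFIX):].split(" - ", 2)
    if len(parts) != 3:
        return None
    names, owner, path = parts
    match = NAME_RE.match(names)
    display = match.group("display")
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    return Service(display, match.group("name") or display, owner, path, missing)


def triage(log_text: str) -> List[Tuple[str, Service]]:
    """Return (level, service) for every O23 entry that needs a closer look."""
    flagged = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        if svc.unknown_owner and svc.file_missing:
            # Registered service whose binary is gone and has no vendor string.
            flagged.append(("high", svc))
        elif svc.unknown_owner or svc.file_missing:
            # One marker only: verify by hand before touching the service.
            flagged.append(("review", svc))
    return flagged


if __name__ == "__main__":
    for level, svc in triage(SAMPLE_LOG):
        print(f"{level:6} {svc.service_name:12} {svc.display_name} -> {svc.path}")
```

The value in parentheses is the service name that the post asks to note down in services.msc. An entry with only one marker, such as the AOL service here, is listed for manual review rather than treated as malicious.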


Pancake - 26-5-2008 at 23:58

Let's see if I can help out here. We need to get into the hidden files.


Ok. We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


SoeMyatThu - 27-5-2008 at 01:05


==xxoxx==


Microsoft DDE + server
Service Name: 4e1945fb

NetMeeting Remote Desktop Sharing mnmsrvcBITS
Service Name: mnmsrvcBITS

The HijackThis log is hereunder:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:41 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMPFSrv.exe
C:WINDOWSehomeehtray.exe
C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe
C:PROGRA~1McAfeeMPSmps.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesAmerica Online 9.0waol.exe
c:PROGRA~1mcafeeVIRUSS~1mcvsshld.exe
C:Program FilesMcAfeeMPSmpsevh.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesYahoo!Messengerymsgr_tray.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesAmerica Online 9.0shellmon.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSexplorer.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WINDOWSsystem32drwtsn32.exe
C:HPKBDKBD.EXE

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:Program FilesSpywareGuarddlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [OASClnt] C:Program FilesMcAfee.comVSOoasclnt.exe
O4 - HKLM..Run: [MSKDetectorExe] C:Program FilesMcAfeeSpamKillerMSKDetct.exe /uninstall
O4 - HKLM..Run: [MSKAGENTEXE] C:PROGRA~1McAfeeSPAMKI~1MskAgent.exe
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [AOL Fast Start] "C:Program FilesAmerica Online 9.0AOL.EXE" -b
O4 - HKCU..Run: [Yahoo! Pager] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:program filesaolaim toolbar 5.0resourcesen-USlocalsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:Program FilesYahoo!MessengerYahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:WINDOWSsystem32wm1dap.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:PROGRA~1COMMON~1AOLAOLSPY~1\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12962 bytes

==xxoxx==


SoeMyatThu - 27-5-2008 at 01:52

==xxoxx==


I went to the Combofix.exe guide page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix


The guide says I need to install Windows XP Recovery Console. In order to do that, it says I need to have Windows XP CD or six floppy disks.

My friend has no Windows CD.

And his computer has no floppy disk drive. The computer has only (a) LightScribe DVD SuperMulti Drive/CD-Writer drive, and (b) DVD-ROM drive.

What should I do? Should I run Combofix without installing Windows XP Recovery Console?

==oxx==


Pancake - 27-5-2008 at 02:45

You do not need any disc. The Recovery Console will install automatically for you... it's very easy.


SoeMyatThu - 27-5-2008 at 03:08

==xxoxx==

Thanks. I will try to do that.


SoeMyatThu - 27-5-2008 at 04:55



==xxoxx==


The Combofix Log:

ComboFix 08-05-25.5 - HP_Administrator 2008-05-27 0:13:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.491 [GMT -4:00]
Running from: C:Documents and SettingsHP_AdministratorDesktopComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:Documents and SettingsFamilyApplication Datawsnpoem
C:Documents and SettingsFamilyApplication Datawsnpoemaudio.dll
C:Documents and SettingsFamilyApplication Datawsnpoemvideo.dll
C:Documents and SettingsGangLocal SettingsApplication DataMicrosoftWindows Media10.0WMSDKNSD.XML
C:Documents and SettingsGuestApplication Datawsnpoem
C:Documents and SettingsGuestApplication Datawsnpoemaudio.dll
C:Documents and SettingsGuestApplication Datawsnpoemvideo.dll
C:Documents and SettingsGuestLocal SettingsApplication DataMicrosoftWindows Media10.0WMSDKNSD.XML
C:Documents and SettingsHP_AdministratorApplication DatamacromediaFlash Player#SharedObjects7X69MTD5www.broadcaster.com
C:Documents and SettingsHP_AdministratorApplication DatamacromediaFlash Playermacromedia.comsupportflashplayersys#www.broadcaster.com
C:WINDOWSDownloaded Program FilesODCTOOLS
C:WINDOWSsystem32wm05.dll
D:Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_MSUPDATE


((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-26 22:23 . 2008-05-26 22:24 <DIR> d-------- C:Mass Media
2008-05-26 14:29 . 2008-05-26 14:29 <DIR> d-------- C:Program FilesCCleaner
2008-05-26 14:22 . 2008-05-26 14:23 <DIR> d-------- C:CCSetup207
2008-05-26 14:21 . 2008-05-26 14:21 <DIR> d-------- C:RegisterBooster2
2008-05-26 13:41 . 2008-05-26 13:41 <DIR> d-------- C:Windows Defender
2008-05-25 14:16 . 2008-05-25 14:16 <DIR> d-------- C:Documents and SettingsLocalServiceApplication DataViewpoint
2008-05-24 17:49 . 2008-05-24 17:51 <DIR> d-------- C:CCleaner 2.0.7.575
2008-05-23 07:32 . 2008-05-23 07:32 <DIR> d-------- C:Documents and SettingsFamilyApplication DataGrisoft
2008-05-23 00:45 . 2008-05-23 00:50 <DIR> d-------- C:Companies
2008-05-22 11:26 . 2008-05-22 18:03 <DIR> d-------- C:KarlsForums.com
2008-05-22 09:55 . 2008-05-22 09:56 <DIR> d-------- C:Microsoft Windows Malicious Software Removal Tool
2008-05-22 09:54 . 2008-05-22 09:55 <DIR> d-------- C:Avgarkt
2008-05-21 23:09 . 2008-05-21 23:09 <DIR> d-------- C:Windows Media Player Firefox Plugin
2008-05-21 15:06 . 2008-05-21 15:06 <DIR> d-------- C:Documents and SettingsHP_AdministratorApplication DataViewpoint
2008-05-21 14:11 . 2008-05-21 14:11 <DIR> d-------- C:Program FilesOpera
2008-05-21 14:10 . 2008-05-21 14:11 <DIR> d-------- C:Opera 9.27
2008-05-20 18:31 . 2008-05-20 18:31 <DIR> d-------- C:Documents and SettingsHP_AdministratorApplication DataGrisoft
2008-05-20 18:26 . 2008-05-20 18:26 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataGrisoft
2008-05-20 18:26 . 2007-05-30 08:10 10,872 --a------ C:WINDOWSsystem32driversAvgAsCln.sys
2008-05-20 18:03 . 2008-05-20 18:03 <DIR> d-------- C:New Folder
2008-05-20 18:03 . 2008-05-20 18:04 <DIR> d-------- C:Avgas
2008-05-20 12:10 . 2008-05-20 12:11 <DIR> d-------- C:Serif PagePlus X3
2008-05-19 23:54 . 2008-05-19 23:54 <DIR> d-------- C:Firefox 2.0.0.14
2008-05-19 18:15 . 2008-05-20 03:37 3,048 --a------ C:WINDOWSsystem32tmp.reg
2008-05-19 16:19 . 2008-05-19 16:20 <DIR> d-------- C:Program FilesAIMTunes
2008-05-19 16:17 . 2008-05-19 16:20 <DIR> d-------- C:Program FilesAIM6
2008-05-19 15:00 . 2008-05-19 15:00 <DIR> d-------- C:AIM 6.5
2008-05-19 14:43 . 2008-05-19 14:43 <DIR> d-------- C:Program FilesSpybot - Search & Destroy
2008-05-19 14:43 . 2008-05-19 16:16 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataSpybot - Search & Destroy
2008-05-19 14:25 . 2008-05-26 23:34 <DIR> d-a------ C:Documents and SettingsAll UsersApplication DataTEMP
2008-05-19 13:30 . 2008-05-19 13:30 127,912 --ah----- C:WINDOWSsystem32mlfcache.dat
2008-05-18 19:19 . 2008-05-18 19:38 <DIR> d-------- C:Academics
2008-05-18 18:04 . 2008-05-20 03:44 <DIR> d-------- C:SmitFraudFix
2008-05-18 13:35 . 2008-05-18 14:41 <DIR> d-------- C:Avira Antivir Removal Tools
2008-05-18 13:14 . 2008-05-21 16:29 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataAvira
2008-05-18 13:05 . 2008-05-19 14:41 <DIR> d-------- C:Program FilesSpywareBlaster
2008-05-18 13:03 . 2008-05-19 13:30 <DIR> d-------- C:Program FilesSpywareGuard
2008-05-18 05:44 . 2008-05-18 05:45 <DIR> d-------- C:CCleaner Slim
2008-05-18 05:43 . 2008-05-18 05:43 <DIR> d-------- C:Registry-Cleaner
2008-05-18 05:42 . 2008-05-18 05:43 <DIR> d-------- C:EasyCleaner
2008-05-18 00:11 . 2008-05-18 00:12 <DIR> d-------- C:AVG Anti-Virus
2008-05-18 00:09 . 2008-05-18 00:10 <DIR> d-------- C:Avira Antivir
2008-05-18 00:06 . 2008-05-18 00:06 <DIR> d-------- C:Avast Home Edition
2008-05-18 00:05 . 2008-05-18 00:05 <DIR> d-------- C:SpyBot Search and Destroy
2008-05-18 00:03 . 2008-05-18 00:03 <DIR> d-------- C:SpywareBlaster
2008-05-18 00:00 . 2008-05-18 00:00 <DIR> d-------- C:RegistryBooster
2008-05-17 23:58 . 2008-05-17 23:59 <DIR> d-------- C:SpywareGuard
2008-05-17 23:44 . 2008-05-17 23:44 <DIR> d-------- C:Program FilesTrend Micro
2008-05-17 23:42 . 2008-05-26 21:02 <DIR> d-------- C:HijackThis
2008-05-17 20:00 . 2008-05-17 20:00 <DIR> d-------- C:Program FilesPanda Security
2008-05-17 18:27 . 2008-05-17 20:49 <DIR> d-------- C:WINDOWSsystem32scripting
2008-05-17 18:27 . 2008-05-17 20:49 <DIR> d-------- C:WINDOWSsystem32en
2008-05-17 18:27 . 2008-05-17 20:49 <DIR> d-------- C:WINDOWSsystem32bits
2008-05-17 18:27 . 2008-05-17 20:48 <DIR> d-------- C:WINDOWSl2schemas
2008-05-17 18:16 . 2006-10-05 04:31 79,872 --a------ C:WINDOWSsystem32msxml6r.dll
2008-05-17 18:14 . 2007-10-25 23:34 8,460,288 --a------ C:WINDOWSsystem32dllcacheshell32.dll
2008-05-17 14:25 . 2008-05-17 14:25 <DIR> d-------- C:Program FilesWindows Defender
2008-05-17 14:19 . 2008-05-17 14:21 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataLavasoft
2008-05-17 12:50 . 2008-04-13 20:12 7,680 --a------ C:WINDOWSsystem32spdwnwxp.exe
2008-05-17 12:48 . 2006-12-28 15:01 19,569 --a------ C:WINDOWS003569_.tmp
2008-05-17 12:35 . 2008-05-17 12:35 <DIR> d-------- C:Windows Malicious Software Removal Tool
2008-05-17 12:33 . 2008-05-17 12:34 <DIR> d-------- C:WindowsDefender
2008-05-17 12:28 . 2008-05-17 12:28 <DIR> d-------- C:VersionTrackerPro
2008-05-17 12:27 . 2008-05-17 12:27 <DIR> d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-05-17 12:23 . 2008-05-26 20:28 <DIR> d-------- C:Ad-Aware2007
2008-05-17 11:14 . 2008-05-17 12:10 <DIR> d-------- C:!KillBox
2008-05-17 11:13 . 2008-05-17 11:13 <DIR> d-------- C:KillBox
2008-05-17 10:43 . 2008-05-26 23:57 54,156 --ah----- C:WINDOWSQTFont.qfn
2008-05-17 10:43 . 2008-05-17 10:43 1,409 --a------ C:WINDOWSQTFont.for
2008-05-15 12:01 . 2008-05-15 12:01 <DIR> d-------- C:Documents and SettingsFamilyApplication DataQQ Games Plugin
2008-05-14 14:32 . 2008-05-18 15:34 190 --a-s---- C:WINDOWSsystem322957042677.dat
2008-05-11 15:43 . 2008-05-11 15:45 <DIR> d-------- C:MPEG-4 V123 VKI Codec
2008-05-11 15:08 . 2008-05-11 15:09 <DIR> d-------- C:Codec H264
2008-05-10 18:47 . 2008-05-10 18:47 <DIR> d-------- C:AlphaZawgyi
2008-05-10 18:47 . 2008-01-22 10:22 6,656 --a------ C:WINDOWSsystem32ZawgyiA.dll
2008-05-10 18:19 . 2008-05-10 18:19 <DIR> d-------- C:ZFK-RG-WC
2008-05-10 18:17 . 2008-05-10 18:17 <DIR> d-------- C:ZawgyiGTalkfont
2008-05-10 18:15 . 2008-05-10 18:16 <DIR> d-------- C:MyanmarKeyboardHelper
2008-05-10 18:13 . 2008-05-10 18:13 <DIR> d-------- C:AlphaZawgyi Version 3
2008-05-06 21:18 . 2008-05-06 21:18 <DIR> d-------- C:Program FilesCommon Filesxing shared
2008-05-03 14:55 . 2008-05-27 00:19 15,864 --a------ C:WINDOWSsystem32Config.MPF
2008-05-03 14:51 . 2006-03-03 11:07 143,360 --a------ C:WINDOWSsystem32dunzip32.dll
2008-05-03 14:48 . 2008-02-06 09:51 171,400 --a------ C:WINDOWSsystem32driversmfehidk.sys
2008-05-03 14:48 . 2007-03-02 14:16 109,608 --a------ C:WINDOWSsystem32driversMpfp.sys
2008-05-03 14:48 . 2007-06-25 14:54 71,496 --a------ C:WINDOWSsystem32driversmfeavfk.sys
2008-05-03 14:48 . 2007-06-25 10:57 37,480 --a------ C:WINDOWSsystem32driversmfesmfk.sys
2008-05-03 14:48 . 2007-06-25 10:57 34,184 --a------ C:WINDOWSsystem32driversmfebopk.sys
2008-05-03 14:48 . 2007-06-25 10:57 32,008 --a------ C:WINDOWSsystem32driversmferkdk.sys
2008-05-03 14:46 . 2008-05-03 14:46 <DIR> d-------- C:Program FilesMcAfee.com
2008-05-03 14:45 . 2008-05-03 14:51 <DIR> d-------- C:Program FilesCommon FilesMcAfee
2008-05-03 14:35 . 2008-05-03 14:35 <DIR> d-------- C:DMSetup
2008-04-30 21:09 . 2008-04-30 21:09 <DIR> d-------- C:Alvin Sherman Library
2008-04-30 17:14 . 2008-04-30 18:32 <DIR> d-------- C:OOo in Burmese
2008-04-30 16:10 . 2008-04-30 16:10 <DIR> d-------- C:myWin 2.2
2008-04-30 16:10 . 2008-04-30 16:11 <DIR> d-------- C:Firefox 3.0a1.my-MM.langpack.xpi
2008-04-30 16:03 . 2008-04-30 16:03 <DIR> d-------- C:myWin 2.1
2008-04-30 15:44 . 2008-04-30 15:48 <DIR> d-------- C:OOo (Burmese Graphite patches) 2.4
2008-04-30 15:43 . 2008-04-30 15:47 <DIR> d-------- C:OOo (Burmese) 2.4
2008-04-30 15:31 . 2008-04-30 15:32 <DIR> d-------- C:Zawgyi
2008-04-30 14:58 . 2008-04-30 14:58 <DIR> d-------- C:WMP Firefox Plugin
2008-04-30 11:34 . 2008-04-30 11:34 <DIR> d-------- C:Google SketchUp 6
2008-04-30 10:51 . 2008-04-30 10:51 <DIR> d-------- C:Innlam Address

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 02:41 --------- d-----w C:Documents and SettingsHP_AdministratorApplication DataOpenOffice.org2
2008-05-23 11:33 --------- d-----w C:Documents and SettingsFamilyApplication DataOpenOffice.org2
2008-05-21 05:55 --------- d-----w C:Documents and SettingsHP_AdministratorApplication DataIMVU
2008-05-20 16:53 --------- d-----w C:Program FilesXP Cleaner
2008-05-19 20:18 --------- d-----w C:Program FilesViewpoint
2008-05-19 20:18 --------- d-----w C:Documents and SettingsAll UsersApplication DataViewpoint
2008-05-19 17:29 --------- d-----w C:Documents and SettingsHP_AdministratorApplication DataApple Computer
2008-05-17 18:19 --------- d-----w C:Program FilesLavasoft
2008-05-17 18:15 --------- d-----w C:Program FilesMicrosoft Silverlight
2008-05-10 23:04 --------- d-----w C:Program FilesAlpha Zawgyi
2008-05-07 01:18 --------- d-----w C:Program FilesCommon FilesReal
2008-05-04 04:06 --------- d-----w C:Program FilesMcAfee
2008-04-28 00:55 --------- d-----w C:Program FilesSerif
2008-04-25 18:51 --------- d-----w C:Program FilesSafari
2008-04-25 18:48 --------- d-----w C:Program FilesApple Software Update
2008-04-22 18:42 --------- d-----w C:Documents and SettingsLocalServiceApplication DataYahoo!
2008-04-13 20:55 --------- d-----w C:Program FilesDivX
2008-04-12 10:59 --------- d-----w C:Documents and SettingsGuestApplication DataImage Zone Express
2008-04-12 05:58 --------- d-----w C:Documents and SettingsGuestApplication DataAOL
2008-04-12 05:48 --------- d-----w C:Documents and SettingsGuestApplication DataApple Computer
2008-04-12 05:45 --------- d-----w C:Documents and SettingsGuestApplication DataInkscape
2008-04-12 05:44 --------- d-----w C:Program Filese-Sword
2008-04-12 04:53 --------- d-----w C:Program FilesBible
2008-04-08 00:50 --------- d--h--w C:Program FilesInstallShield Installation Information
2008-04-07 23:44 --------- d-----w C:Program FilesFlashGet
2008-04-07 07:03 --------- d-----w C:Documents and SettingsHP_AdministratorApplication Datagtk-2.0
2008-04-07 06:39 2,348 ----a-w C:Documents and SettingsHP_AdministratorApplication Datawklnhst.dat
2008-04-06 05:42 --------- d-----w C:Program FilesCommon FilesAdobe
2008-04-05 01:06 --------- d-----w C:Documents and SettingsHP_AdministratorApplication DataInkscape
2008-04-05 01:05 --------- d-----w C:Program FilesInkscape
2008-04-04 18:07 --------- d-----w C:Program FilesiTunes
2008-04-04 18:06 --------- d-----w C:Program FilesiPod
2008-04-04 18:04 --------- d-----w C:Program FilesQuickTime
2008-04-02 13:38 --------- d-----w C:Program FilesHewlett-Packard
2008-04-02 13:30 --------- d-----w C:Documents and SettingsHP_AdministratorApplication DataWinBatch
2008-03-30 23:11 --------- d-----w C:Program FilesFLV Player
2008-03-30 20:02 492 ----a-w C:Documents and SettingsGuestApplication Datawklnhst.dat
2008-03-30 20:01 --------- d-----w C:Documents and SettingsGuestApplication DataOpenOffice.org2
2008-03-29 23:19 --------- d-----w C:Program FilesBonjour
2008-03-29 23:14 --------- d-----w C:Program FilesCommon FilesApple
2008-03-29 23:14 --------- d-----w C:Documents and SettingsAll UsersApplication DataApple
2008-03-28 04:23 --------- d-----w C:Program FilesOpenOffice.org 2.4
2008-03-28 04:21 --------- d-----w C:Program FilesOpenOffice.org 2.3
2008-03-27 03:15 --------- d-----w C:Documents and SettingsFamilyApplication DataAOL
2008-03-22 15:55 10,920 ----a-w C:aolconnfix.exe
2008-03-21 02:54 22,052,912 ----a-w C:gimp-help-2-2.4.0-eng-setup.exe
2008-01-07 01:44 130 ----a-w C:Documents and SettingsFamilyApplication Datawklnhst.dat
2007-04-06 17:16 948 ----a-w C:Program FilesINSTALL.LOG
2005-05-06 03:33 5,300 ----a-w C:Program Fileseula.txt
2004-09-10 07:27 25,214 ----a-w C:Program Filesicon.ico
1999-06-25 14:55 149,504 ----a-w C:Program FilesUNWISE.EXE
.

------- Sigcheck -------

2005-03-13 21:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:WINDOWS$hf_mig$KB893066SP2QFEtcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:WINDOWS$hf_mig$KB913446SP2QFEtcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:WINDOWS$hf_mig$KB917953SP2QFEtcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:WINDOWS$hf_mig$KB941644SP2QFEtcpip.sys
2004-08-10 01:00 359040 9f4b36614a0fc234525ba224957de55c C:WINDOWS$NtUninstallKB893066$tcpip.sys
2005-03-13 20:55 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:WINDOWS$NtUninstallKB913446$tcpip.sys
2006-01-12 22:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:WINDOWS$NtUninstallKB917953$tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:WINDOWS$NtUninstallKB941644$tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:WINDOWSSoftwareDistributionDownloaddd9ab5193501484cf5e6884fa1d22f9etcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:WINDOWSsystem32dllcachetcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:WINDOWSsystem32driverstcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-10 01:00 15360]
"Yahoo! Pager"="C:Program FilesYahoo!MessengerYahooMessenger.exe" [2007-03-27 15:22 4670968]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ehTray"="C:WINDOWSehomeehtray.exe" [2005-08-05 16:56 64512]
"HPBootOp"="C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" [2005-02-25 18:34 245760]
"HP Software Update"="C:Program FilesHPHP Software UpdateHPWuSchd2.exe" [2007-05-08 16:24 54840]
"MBkLogOnHook"="C:Program FilesMcAfeeMBKLogOnHook.exe" [2007-01-08 11:22 20480]
"ISUSPM Startup"="C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe" [2004-07-27 19:50 221184]
"OASClnt"="C:Program FilesMcAfee.comVSOoasclnt.exe" [ ]
"MSKDetectorExe"="C:Program FilesMcAfeeSpamKillerMSKDetct.exe" [2006-11-07 15:49 1121280]
"MSKAGENTEXE"="C:PROGRA~1McAfeeSPAMKI~1MskAgent.exe" [ ]
"!AVG Anti-Spyware"="C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" [2007-06-11 05:25 6731312]
"TkBellExe"="C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [2008-05-06 21:17 185896]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"swg"="C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe" [ ]

C:Documents and SettingsFamilyStart MenuProgramsStartup
OpenOffice.org 2.4.lnk - C:Program FilesOpenOffice.org 2.4programquickstart.exe [2008-03-17 10:39:12 393216]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"InstallVisualStyle"= C:WINDOWSResourcesThemesRoyaleRoyale.msstyles
"InstallTheme"= C:WINDOWSResourcesThemesRoyale.theme

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal4e1945fb]
@="Service"

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk
backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Reader Synchronizer.lnk
backup=C:WINDOWSpssAdobe Reader Synchronizer.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupATI CATALYST System Tray.lnk
backup=C:WINDOWSpssATI CATALYST System Tray.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupHP Digital Imaging Monitor.lnk
backup=C:WINDOWSpssHP Digital Imaging Monitor.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupHP Image Zone Fast Start.lnk
backup=C:WINDOWSpssHP Image Zone Fast Start.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupUpdates from HP.lnk
backup=C:WINDOWSpssUpdates from HP.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupWinZip Quick Pick.lnk
backup=C:WINDOWSpssWinZip Quick Pick.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^IMVU.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupIMVU.lnk
backup=C:WINDOWSpssIMVU.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupOpenOffice.org 2.0.lnk
backup=C:WINDOWSpssOpenOffice.org 2.0.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupOpenOffice.org 2.2.lnk
backup=C:WINDOWSpssOpenOffice.org 2.2.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupOpenOffice.org 2.3.lnk
backup=C:WINDOWSpssOpenOffice.org 2.3.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupOpenOffice.org 2.4.lnk
backup=C:WINDOWSpssOpenOffice.org 2.4.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupSpywareGuard.lnk
backup=C:WINDOWSpssSpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:Program FilesAdobeReader 8.0ReaderReader_sl.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAim6]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
--a------ 2005-05-03 18:43 69632 C:WINDOWSALCMTR.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlwaysReady Power Message APP]
--a------ 2005-08-02 19:19 77312 C:WINDOWSarpwrmsg.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAOL Fast Start]
--a------ 2005-07-12 01:17 50776 C:Program FilesAmerica Online 9.0AOL.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAOL Spyware Protection]
--a------ 2004-10-18 17:42 79448 C:PROGRA~1COMMON~1AOLAOLSPY~1AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAOLDialer]
-ra------ 2004-10-20 09:40 34904 C:Program FilesCommon FilesAOLACSAOLDial.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregATICCC]
--a------ 2005-08-10 03:33 61440 C:Program FilesATI TechnologiesATI.ACEcli.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregavgnt]
C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
--a------ 2004-08-10 01:00 15360 C:WINDOWSsystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDW4]
--a------ 2006-04-19 09:30 728176 C:Program FilesThe Weather Channel FWDesktop WeatherDesktopWeather.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreggoogletalk]
--a------ 2007-01-01 17:22 3739648 C:Program FilesGoogleGoogle Talkgoogletalk.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHostManager]
--a------ 2006-05-09 20:24 50760 C:Program FilesCommon FilesAOL1159195477eeAOLSoftware.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
--a------ 2007-05-08 16:24 54840 C:Program FilesHPHP Software UpdateHPWuSchd2.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHPHUPD08]
c:Program FilesHPDigital Imaging{33D6CC28-9F75-4d1b-A11D-98895B3A3729}hphupd08.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIPHSend]
--a------ 2006-02-17 12:59 124520 C:Program FilesCommon FilesAOLIPHSendIPHSend.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSPM Startup]
--a------ 2004-07-27 19:50 221184 C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSScheduler]
--a------ 2004-07-27 19:50 81920 c:program filescommon filesinstallshieldupdateserviceissch.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
--a------ 2008-03-30 10:36 267048 C:Program FilesiTunesiTunesHelper.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKBD]
--a------ 2005-02-02 16:44 61440 C:HPKBDKBD.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKeyman.exe]
C:Program FilesTavultesoftKeymankeyman.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLSBWatcher]
--a------ 2005-05-10 13:50 253952 c:hpdrivershplsbwatcherlsburnwatcher.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregmcinfo_1209839008]
C:DOCUME~1HP_ADM~1LOCALS~1Tempmcinfo_1209839008.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
--a------ 2004-10-13 12:24 1694208 C:Program FilesMessengermsmsgs.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCDrProfiler]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPicasa Media Detector]
--a------ 2008-02-25 21:23 443968 C:Program FilesPicasa2PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
--a------ 2008-03-28 23:37 413696 C:Program FilesQuickTimeqttask.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
--a------ 2005-09-22 13:36 14854144 C:WINDOWSRTHDCPL.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:Program FilesSpybot - Search & DestroyTeaTimer.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:Program FilesJavajre1.6.0_05binjusched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregtgcmd]
--a------ 2006-06-02 15:09 1757184 C:Program FilesSupport.combintgcmd.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
--a------ 2008-05-06 21:17 185896 C:Program FilesCommon FilesRealUpdate_OBrealsched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregupdateMgr]
C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUserFaultCheck]
C:WINDOWSsystem32dumprep 0 -u

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVeoh]
--a------ 2008-04-01 18:35 3587120 C:Program FilesVeoh NetworksVeohVeohClient.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWindows Defender]
--a------ 2006-11-03 19:20 866584 C:Program FilesWindows DefenderMSASCui.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYahoo! Pager]
--a------ 2007-03-27 15:22 4670968 C:Program FilesYahoo!MessengerYahooMessenger.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"=
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"=
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"=
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"=
"C:\Program Files\America Online 9.0\waol.exe"=
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"=
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"=
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"=
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"=
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"=
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"C:\Program Files\Common Files\AOL\1159195477\EE\AOLServiceHost.exe"=
"C:\Program Files\Common Files\AOL\1159195477\EE\aolsoftware.exe"=
"C:\Program Files\Common Files\AOL\1159195477\EE\aim6.exe"=
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"C:\Program Files\Yahoo!\Messenger\YServer.exe"=
"C:\Program Files\Google\Google Talk\googletalk.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"C:\Program Files\Bonjour\mDNSResponder.exe"=
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"=
"C:\Program Files\AIM6\aim6.exe"=
"C:\Program Files\Tencent\QQ Games\QQGames.exe"=
"C:\Program Files\iTunes\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:Program FilesViewpointCommonViewpointService.exe" [2008-05-17 12:06]
S4 4e1945fb;Microsoft DDE+ server;C:WINDOWSsystem32.4e1945fb4e1945fb.exe []
S4 mnmsrvcBITS;NetMeeting Remote Desktop Sharing mnmsrvcBITS;C:WINDOWSsystem321031u.exe []

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2D]
ShellAutoRuncommand - C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 20:31:03 C:WINDOWSTasksAppleSoftwareUpdate.job"
- C:Program FilesApple Software UpdateSoftwareUpdate.exe
"2008-05-03 18:47:05 C:WINDOWSTasksMcDefragTask.job"
- c:PROGRA~1mcafeemqcQcConsol.exe'
"2008-05-03 18:47:03 C:WINDOWSTasksMcQcTask.job"
- c:PROGRA~1mcafeemqcQcConsol.exe
"2008-05-27 04:23:58 C:WINDOWSTasksMP Scheduled Scan.job"
- C:Program FilesWindows DefenderMpCmdRun.exe
"2008-05-27 00:54:36 C:WINDOWSTasksUser_Feed_Synchronization-{8D803DCF-B5C3-47A8-9C89-A2F41B06C11F}.job"
- C:WINDOWSsystem32msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 00:21:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:WINDOWSsystem32ati2evxx.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32ati2evxx.exe
C:Program FilesCommon FilesAOLACSAOLacsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltpspd.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSehomeehrecvr.exe
C:WINDOWSehomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
C:PROGRA~1COMMON~1McAfeeMNAMcNASvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
C:PROGRA~1COMMON~1McAfeeMcProxyMcProxy.exe
C:PROGRA~1COMMON~1McAfeeRedirSvcRedirSvc.exe
C:PROGRA~1McAfeeVIRUSS~1Mcshield.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMpfSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSehomemcrdsvc.exe
C:Program FilesMcAfeeMPSmpsevh.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSehomeehmsas.exe
C:PROGRA~1McAfee.comAgentmcagent.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesYahoo!MessengerYmsgr_tray.exe
C:PROGRA~1McAfeeMSCmcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-05-27 0:36:03 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2008-05-27 04:35:56

Pre-Run: 177,478,164,480 bytes free
Post-Run: 180,381,302,784 bytes free

464 --- E O F --- 2008-05-23 00:56:32


==xxoxx==


The HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:01 AM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesMcAfeeMPSmpsevh.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:Program FilesYahoo!Messengerymsgr_tray.exe
C:HPKBDKBD.EXE
C:WINDOWSexplorer.exe
c:windowssystemhpsysdrv.exe
C:Program FilesJavajre1.5.0binjusched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [OASClnt] C:Program FilesMcAfee.comVSOoasclnt.exe
O4 - HKLM..Run: [MSKDetectorExe] C:Program FilesMcAfeeSpamKillerMSKDetct.exe /uninstall
O4 - HKLM..Run: [MSKAGENTEXE] C:PROGRA~1McAfeeSPAMKI~1MskAgent.exe
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Yahoo! Pager] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:program filesaolaim toolbar 5.0resourcesen-USlocalsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:PROGRA~1COMMON~1AOLAOLSPY~1\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12066 bytes


==xxoxx==


Pancake - 27-5-2008 at 05:43

Ok. Just this to fix and we are all done. It is best you remove one of your anti virus programs. You have AVG and McAfee. Two cause conflicts and slow your computer down. Choose one.


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:


Killall::

File::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\mlfcache.dat





Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


[bad img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/bad img]

Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


SoeMyatThu - 27-5-2008 at 11:57

Problem Messages

==

(1) Your system is unstable ( Kernel32x.SYS)

==

(2) Application Fatal Error (SysFader: IE7EXPLORER.EXE)

==

(3) System Shutdown (Issas.exe)
When this message came, the computer shut down almost immediately.

==

(4) Windows Security Center (Security Essentials)

==

(5) Explorer.EXE - Application Error
The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "written".
Click on OK to terminate the program
Click on CANCEL to debug the program
[OK] [Cancel]

==

(6) Explorer.exe - Application Error
The instruction at "0x1001034b" referenced memory at "0x00000004". The memory could not be "read".
Click on OK to terminate the program.
[OK]

==

(7) aim6.exe - Application error
The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "read".

Click on OK to terminate the program
[OK]
Click on CANCEL to debug the program
[Cancel]

==

When I click on Cancel (either Problem Message #5 or #7), the following message appears:

==

(8) DrWatson Postmortem Debugger

DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience.

If you were in the middle of something, the information you were working on might be lost.

Please tell Microsoft about this problem.

We have created an error report that you can send to help us improve DrWatson Postmortem Debugger. We will treat this report as confidential and anonymous.

To see what data this report contains, {click here.}

[Debug] [Send Error Report] [Don't Send]

==

(9) Whenever I launch AOL, the following messages appear:

==

Error

A Runtime Error has occurred.
Do you want to Debug?
Line: 0
Error: 'SuperTabPane' is undefined.

[yes] [No]

==

When I click Yes, the following message appears:

==

Just-In-Time Debugger

Please select a debugger:

Possible Debuggers
New Instance of Microsoft Script Editor

[x] Set the currently selected debugger as the default.

Do you want to debug using the selected debugger?

[Yes] [No]

When I click Yes, this message appears:

==

Step Into the Remote Procedure Call

Process: [OK]

[1652] C:Program FilesAmericaOnline 9.0waol.exe

Choose the program type that you want to debug:
[Help]
[x] Script
[Select All]
The following programs will be debugged:
Script

==

When I click OK, this message appears:

==

Microsoft Virtual Studio Debugger

Microsoft JScript runtime error: 'SuperTabPane' is undefined

[Break] [Continue] [Help]

==

I click Break, and the following message appears:

==

Miscellaneous Files - Microsoft Script Editor [break] - JScript - script block

JScript - script block
function _AOLWLT1211890090 () {SuperTabPane.setTabInfo ('mail',429);}

==

As I don't know how to proceed, I click the x on the upper right-hand corner. The following message appears:

==

Microsoft Script Editor

Do you want to stop debugging?

[Yes] [No]

==

I click Yes, and the message disappears.

==xxoxx==

Problem Messages #1 through #8 no longer appear.

Thank you very much for the patient and efficient help from hawklord and pancake.

Problem #9 is still here.
Adobe Flash Player does not work in Internet Explorer and AOL, although it works in Firefox and Safari.
AIM has a little more problem, but the problem is minor.

==xxoxx==


SoeMyatThu - 27-5-2008 at 12:50

[quote][i]Originally posted by Pancake[/i]
Ok. Just this to fix and we are all done. It is best you remove one of your anti virus programs. You have AVG and McAfee. Two cause conflicts and slow your computer down. Choose one.


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

[quote]

Killall::

File::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\mlfcache.dat



[/quote]

Save this as [b]CFScript.txt[/b], in the same location as ComboFix.exe which is on the Desktop.


[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

Referring to the picture above, drag [b]CFScript.txt[/b] into ComboFix.exe


When finished, it shall produce a log for you at [b]C:\ComboFix.txt[/b]

Please [b]copy and paste [/b] the [b]ComboFix.txt[/b] along with a fresh HijackThis log in your next reply please.


[u]*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*[/u] [/quote]


==xxoxx==

ComboFix Log:


ComboFix 08-05-25.5 - HP_Administrator 2008-05-27 6:54:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.620 [GMT -4:00]
Running from: C:Documents and SettingsHP_AdministratorDesktopComboFix.exe
Command switches used :: C:Documents and SettingsHP_AdministratorDesktopCFScript.txt
* Created a new restore point

FILE ::
C:WINDOWSsystem32mlfcache.dat
C:WINDOWSsystem32tmp.reg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:WINDOWSsystem32mlfcache.dat
C:WINDOWSsystem32tmp.reg

.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-26 22:23 . 2008-05-26 22:24 <DIR> d-------- C:Mass Media
2008-05-26 14:29 . 2008-05-26 14:29 <DIR> d-------- C:Program FilesCCleaner
2008-05-26 14:22 . 2008-05-26 14:23 <DIR> d-------- C:CCSetup207
2008-05-26 14:21 . 2008-05-26 14:21 <DIR> d-------- C:RegisterBooster2
2008-05-26 13:41 . 2008-05-26 13:41 <DIR> d-------- C:Windows Defender
2008-05-25 14:16 . 2008-05-25 14:16 <DIR> d-------- C:Documents and SettingsLocalServiceApplication DataViewpoint
2008-05-24 17:49 . 2008-05-24 17:51 <DIR> d-------- C:CCleaner 2.0.7.575
2008-05-23 07:32 . 2008-05-23 07:32 <DIR> d-------- C:Documents and SettingsFamilyApplication DataGrisoft
2008-05-23 00:45 . 2008-05-23 00:50 <DIR> d-------- C:Companies
2008-05-22 11:26 . 2008-05-22 18:03 <DIR> d-------- C:KarlsForums.com
2008-05-22 09:55 . 2008-05-22 09:56 <DIR> d-------- C:Microsoft Windows Malicious Software Removal Tool
2008-05-22 09:54 . 2008-05-22 09:55 <DIR> d-------- C:Avgarkt
2008-05-21 23:09 . 2008-05-21 23:09 <DIR> d-------- C:Windows Media Player Firefox Plugin
2008-05-21 15:06 . 2008-05-21 15:06 <DIR> d-------- C:Documents and SettingsHP_AdministratorApplication DataViewpoint
2008-05-21 14:11 . 2008-05-21 14:11 <DIR> d-------- C:Program FilesOpera
2008-05-21 14:10 . 2008-05-21 14:11 <DIR> d-------- C:Opera 9.27
2008-05-20 18:31 . 2008-05-20 18:31 <DIR> d-------- C:Documents and SettingsHP_AdministratorApplication DataGrisoft
2008-05-20 18:26 . 2008-05-20 18:26 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataGrisoft
2008-05-20 18:26 . 2007-05-30 08:10 10,872 --a------ C:WINDOWSsystem32driversAvgAsCln.sys
2008-05-20 18:03 . 2008-05-20 18:03 <DIR> d-------- C:New Folder
2008-05-20 18:03 . 2008-05-20 18:04 <DIR> d-------- C:Avgas
2008-05-20 12:10 . 2008-05-20 12:11 <DIR> d-------- C:Serif PagePlus X3
2008-05-19 23:54 . 2008-05-19 23:54 <DIR> d-------- C:Firefox 2.0.0.14
2008-05-19 16:19 . 2008-05-19 16:20 <DIR> d-------- C:Program FilesAIMTunes
2008-05-19 16:17 . 2008-05-19 16:20 <DIR> d-------- C:Program FilesAIM6
2008-05-19 15:00 . 2008-05-19 15:00 <DIR> d-------- C:AIM 6.5
2008-05-19 14:43 . 2008-05-19 14:43 <DIR> d-------- C:Program FilesSpybot - Search & Destroy
2008-05-19 14:43 . 2008-05-19 16:16 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataSpybot - Search & Destroy
2008-05-19 14:25 . 2008-05-26 23:34 <DIR> d-a------ C:Documents and SettingsAll UsersApplication DataTEMP
2008-05-18 19:19 . 2008-05-27 05:04 <DIR> d-------- C:Academics
2008-05-18 18:04 . 2008-05-20 03:44 <DIR> d-------- C:SmitFraudFix
2008-05-18 13:35 . 2008-05-18 14:41 <DIR> d-------- C:Avira Antivir Removal Tools
2008-05-18 13:14 . 2008-05-21 16:29 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataAvira
2008-05-18 13:05 . 2008-05-19 14:41 <DIR> d-------- C:Program FilesSpywareBlaster
2008-05-18 13:03 . 2008-05-19 13:30 <DIR> d-------- C:Program FilesSpywareGuard
2008-05-18 05:44 . 2008-05-18 05:45 <DIR> d-------- C:CCleaner Slim
2008-05-18 05:43 . 2008-05-18 05:43 <DIR> d-------- C:Registry-Cleaner
2008-05-18 05:42 . 2008-05-18 05:43 <DIR> d-------- C:EasyCleaner
2008-05-18 00:09 . 2008-05-18 00:10 <DIR> d-------- C:Avira Antivir
2008-05-18 00:06 . 2008-05-18 00:06 <DIR> d-------- C:Avast Home Edition
2008-05-18 00:05 . 2008-05-18 00:05 <DIR> d-------- C:SpyBot Search and Destroy
2008-05-18 00:03 . 2008-05-18 00:03 <DIR> d-------- C:SpywareBlaster
2008-05-18 00:00 . 2008-05-18 00:00 <DIR> d-------- C:RegistryBooster
2008-05-17 23:58 . 2008-05-17 23:59 <DIR> d-------- C:SpywareGuard
2008-05-17 23:44 . 2008-05-17 23:44 <DIR> d-------- C:Program FilesTrend Micro
2008-05-17 23:42 . 2008-05-27 00:54 <DIR> d-------- C:HijackThis
2008-05-17 20:00 . 2008-05-17 20:00 <DIR> d-------- C:Program FilesPanda Security
2008-05-17 18:27 . 2008-05-17 20:49 <DIR> d-------- C:WINDOWSsystem32scripting
2008-05-17 18:27 . 2008-05-17 20:49 <DIR> d-------- C:WINDOWSsystem32en
2008-05-17 18:27 . 2008-05-17 20:49 <DIR> d-------- C:WINDOWSsystem32bits
2008-05-17 18:27 . 2008-05-17 20:48 <DIR> d-------- C:WINDOWSl2schemas
2008-05-17 18:16 . 2006-10-05 04:31 79,872 --a------ C:WINDOWSsystem32msxml6r.dll
2008-05-17 18:14 . 2007-10-25 23:34 8,460,288 --a------ C:WINDOWSsystem32dllcacheshell32.dll
2008-05-17 14:25 . 2008-05-17 14:25 <DIR> d-------- C:Program FilesWindows Defender
2008-05-17 14:19 . 2008-05-17 14:21 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataLavasoft
2008-05-17 12:50 . 2008-04-13 20:12 7,680 --a------ C:WINDOWSsystem32spdwnwxp.exe
2008-05-17 12:48 . 2006-12-28 15:01 19,569 --a------ C:WINDOWS[u]0[/u]03569_.tmp
2008-05-17 12:35 . 2008-05-17 12:35 <DIR> d-------- C:Windows Malicious Software Removal Tool
2008-05-17 12:33 . 2008-05-17 12:34 <DIR> d-------- C:WindowsDefender
2008-05-17 12:28 . 2008-05-17 12:28 <DIR> d-------- C:VersionTrackerPro
2008-05-17 12:27 . 2008-05-17 12:27 <DIR> d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-05-17 12:23 . 2008-05-26 20:28 <DIR> d-------- C:Ad-Aware2007
2008-05-17 11:14 . 2008-05-17 12:10 <DIR> d-------- C:!KillBox
2008-05-17 11:13 . 2008-05-17 11:13 <DIR> d-------- C:KillBox
2008-05-17 10:43 . 2008-05-27 04:55 54,156 --ah----- C:WINDOWSQTFont.qfn
2008-05-17 10:43 . 2008-05-17 10:43 1,409 --a------ C:WINDOWSQTFont.for
2008-05-15 12:01 . 2008-05-15 12:01 <DIR> d-------- C:Documents and SettingsFamilyApplication DataQQ Games Plugin
2008-05-14 14:32 . 2008-05-18 15:34 190 --a-s---- C:WINDOWSsystem322957042677.dat
2008-05-11 15:43 . 2008-05-11 15:45 <DIR> d-------- C:MPEG-4 V123 VKI Codec
2008-05-11 15:08 . 2008-05-11 15:09 <DIR> d-------- C:Codec H264
2008-05-10 18:47 . 2008-05-10 18:47 <DIR> d-------- C:AlphaZawgyi
2008-05-10 18:47 . 2008-01-22 10:22 6,656 --a------ C:WINDOWSsystem32ZawgyiA.dll
2008-05-10 18:19 . 2008-05-10 18:19 <DIR> d-------- C:ZFK-RG-WC
2008-05-10 18:17 . 2008-05-10 18:17 <DIR> d-------- C:ZawgyiGTalkfont
2008-05-10 18:15 . 2008-05-10 18:16 <DIR> d-------- C:MyanmarKeyboardHelper
2008-05-10 18:13 . 2008-05-10 18:13 <DIR> d-------- C:AlphaZawgyi Version 3
2008-05-06 21:18 . 2008-05-06 21:18 <DIR> d-------- C:Program FilesCommon Filesxing shared
2008-05-03 14:55 . 2008-05-27 07:02 15,864 --a------ C:WINDOWSsystem32Config.MPF
2008-05-03 14:51 . 2006-03-03 11:07 143,360 --a------ C:WINDOWSsystem32dunzip32.dll
2008-05-03 14:48 . 2008-02-06 09:51 171,400 --a------ C:WINDOWSsystem32driversmfehidk.sys
2008-05-03 14:48 . 2007-03-02 14:16 109,608 --a------ C:WINDOWSsystem32driversMpfp.sys
2008-05-03 14:48 . 2007-06-25 14:54 71,496 --a------ C:WINDOWSsystem32driversmfeavfk.sys
2008-05-03 14:48 . 2007-06-25 10:57 37,480 --a------ C:WINDOWSsystem32driversmfesmfk.sys
2008-05-03 14:48 . 2007-06-25 10:57 34,184 --a------ C:WINDOWSsystem32driversmfebopk.sys
2008-05-03 14:48 . 2007-06-25 10:57 32,008 --a------ C:WINDOWSsystem32driversmferkdk.sys
2008-05-03 14:46 . 2008-05-03 14:46 <DIR> d-------- C:Program FilesMcAfee.com
2008-05-03 14:45 . 2008-05-03 14:51 <DIR> d-------- C:Program FilesCommon FilesMcAfee
2008-05-03 14:35 . 2008-05-03 14:35 <DIR> d-------- C:DMSetup
2008-04-30 21:09 . 2008-04-30 21:09 <DIR> d-------- C:Alvin Sherman Library
2008-04-30 17:14 . 2008-04-30 18:32 <DIR> d-------- C:OOo in Burmese
2008-04-30 16:10 . 2008-04-30 16:10 <DIR> d-------- C:myWin 2.2
2008-04-30 16:10 . 2008-04-30 16:11 <DIR> d-------- C:Firefox 3.0a1.my-MM.langpack.xpi
2008-04-30 16:03 . 2008-04-30 16:03 <DIR> d-------- C:myWin 2.1
2008-04-30 15:44 . 2008-04-30 15:48 <DIR> d-------- C:OOo (Burmese Graphite patches) 2.4
2008-04-30 15:43 . 2008-04-30 15:47 <DIR> d-------- C:OOo (Burmese) 2.4
2008-04-30 15:31 . 2008-04-30 15:32 <DIR> d-------- C:Zawgyi
2008-04-30 14:58 . 2008-04-30 14:58 <DIR> d-------- C:WMP Firefox Plugin
2008-04-30 11:34 . 2008-04-30 11:34 <DIR> d-------- C:Google SketchUp 6
2008-04-30 10:51 . 2008-04-30 10:51 <DIR> d-------- C:Innlam Address

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 10:44 --------- d-----w C:Documents and SettingsHP_AdministratorApplication DataOpenOffice.org2
2008-05-23 11:33 --------- d-----w C:Documents and SettingsFamilyApplication DataOpenOffice.org2
2008-05-21 05:55 --------- d-----w C:Documents and SettingsHP_AdministratorApplication DataIMVU
2008-05-20 16:53 --------- d-----w C:Program FilesXP Cleaner
2008-05-19 20:18 --------- d-----w C:Program FilesViewpoint
2008-05-19 20:18 --------- d-----w C:Documents and SettingsAll UsersApplication DataViewpoint
2008-05-19 17:29 --------- d-----w C:Documents and SettingsHP_AdministratorApplication DataApple Computer
2008-05-17 18:19 --------- d-----w C:Program FilesLavasoft
2008-05-17 18:15 --------- d-----w C:Program FilesMicrosoft Silverlight
2008-05-10 23:04 --------- d-----w C:Program FilesAlpha Zawgyi
2008-05-07 01:18 --------- d-----w C:Program FilesCommon FilesReal
2008-05-04 04:06 --------- d-----w C:Program FilesMcAfee
2008-04-28 00:55 --------- d-----w C:Program FilesSerif
2008-04-25 18:51 --------- d-----w C:Program FilesSafari
2008-04-25 18:48 --------- d-----w C:Program FilesApple Software Update
2008-04-22 18:42 --------- d-----w C:Documents and SettingsLocalServiceApplication DataYahoo!
2008-04-13 20:55 --------- d-----w C:Program FilesDivX
2008-04-12 10:59 --------- d-----w C:Documents and SettingsGuestApplication DataImage Zone Express
2008-04-12 05:58 --------- d-----w C:Documents and SettingsGuestApplication DataAOL
2008-04-12 05:48 --------- d-----w C:Documents and SettingsGuestApplication DataApple Computer
2008-04-12 05:45 --------- d-----w C:Documents and SettingsGuestApplication DataInkscape
2008-04-12 05:44 --------- d-----w C:Program Filese-Sword
2008-04-12 04:53 --------- d-----w C:Program FilesBible
2008-04-08 00:50 --------- d--h--w C:Program FilesInstallShield Installation Information
2008-04-07 23:44 --------- d-----w C:Program FilesFlashGet
2008-04-07 07:03 --------- d-----w C:Documents and SettingsHP_AdministratorApplication Datagtk-2.0
2008-04-07 06:39 2,348 ----a-w C:Documents and SettingsHP_AdministratorApplication Datawklnhst.dat
2008-04-06 05:42 --------- d-----w C:Program FilesCommon FilesAdobe
2008-04-05 01:06 --------- d-----w C:Documents and SettingsHP_AdministratorApplication DataInkscape
2008-04-05 01:05 --------- d-----w C:Program FilesInkscape
2008-04-04 18:07 --------- d-----w C:Program FilesiTunes
2008-04-04 18:06 --------- d-----w C:Program FilesiPod
2008-04-04 18:04 --------- d-----w C:Program FilesQuickTime
2008-04-02 13:38 --------- d-----w C:Program FilesHewlett-Packard
2008-04-02 13:30 --------- d-----w C:Documents and SettingsHP_AdministratorApplication DataWinBatch
2008-03-30 23:11 --------- d-----w C:Program FilesFLV Player
2008-03-30 20:02 492 ----a-w C:Documents and SettingsGuestApplication Datawklnhst.dat
2008-03-30 20:01 --------- d-----w C:Documents and SettingsGuestApplication DataOpenOffice.org2
2008-03-29 23:19 --------- d-----w C:Program FilesBonjour
2008-03-29 23:14 --------- d-----w C:Program FilesCommon FilesApple
2008-03-29 23:14 --------- d-----w C:Documents and SettingsAll UsersApplication DataApple
2008-03-28 04:23 --------- d-----w C:Program FilesOpenOffice.org 2.4
2008-03-28 04:21 --------- d-----w C:Program FilesOpenOffice.org 2.3
2008-03-27 03:15 --------- d-----w C:Documents and SettingsFamilyApplication DataAOL
2008-03-22 15:55 10,920 ----a-w C:aolconnfix.exe
2008-03-21 02:54 22,052,912 ----a-w C:gimp-help-2-2.4.0-eng-setup.exe
2008-01-07 01:44 130 ----a-w C:Documents and SettingsFamilyApplication Datawklnhst.dat
2007-04-06 17:16 948 ----a-w C:Program FilesINSTALL.LOG
2005-05-06 03:33 5,300 ----a-w C:Program Fileseula.txt
2004-09-10 07:27 25,214 ----a-w C:Program Filesicon.ico
1999-06-25 14:55 149,504 ----a-w C:Program FilesUNWISE.EXE
.

------- Sigcheck -------

2005-03-13 21:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 C:WINDOWS$hf_mig$KB893066SP2QFEtcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:WINDOWS$hf_mig$KB913446SP2QFEtcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:WINDOWS$hf_mig$KB917953SP2QFEtcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:WINDOWS$hf_mig$KB941644SP2QFEtcpip.sys
2004-08-10 01:00 359040 9f4b36614a0fc234525ba224957de55c C:WINDOWS$NtUninstallKB893066$tcpip.sys
2005-03-13 20:55 359808 0e66b538096a6529d1ac66e78eb0d5c8 C:WINDOWS$NtUninstallKB913446$tcpip.sys
2006-01-12 22:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:WINDOWS$NtUninstallKB917953$tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:WINDOWS$NtUninstallKB941644$tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:WINDOWSSoftwareDistributionDownloaddd9ab5193501484cf5e6884fa1d22f9etcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:WINDOWSsystem32dllcachetcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:WINDOWSsystem32driverstcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-27_ 0.35.33.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 04:20:11 2,048 --s-a-w C:WINDOWSbootstat.dat
+ 2008-05-27 11:01:05 2,048 --s-a-w C:WINDOWSbootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-10 01:00 15360]
"Yahoo! Pager"="C:Program FilesYahoo!MessengerYahooMessenger.exe" [2007-03-27 15:22 4670968]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ehTray"="C:WINDOWSehomeehtray.exe" [2005-08-05 16:56 64512]
"HPBootOp"="C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" [2005-02-25 18:34 245760]
"HP Software Update"="C:Program FilesHPHP Software UpdateHPWuSchd2.exe" [2007-05-08 16:24 54840]
"MBkLogOnHook"="C:Program FilesMcAfeeMBKLogOnHook.exe" [2007-01-08 11:22 20480]
"ISUSPM Startup"="C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe" [2004-07-27 19:50 221184]
"OASClnt"="C:Program FilesMcAfee.comVSOoasclnt.exe" [ ]
"MSKDetectorExe"="C:Program FilesMcAfeeSpamKillerMSKDetct.exe" [2006-11-07 15:49 1121280]
"MSKAGENTEXE"="C:PROGRA~1McAfeeSPAMKI~1MskAgent.exe" [ ]
"!AVG Anti-Spyware"="C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" [2007-06-11 05:25 6731312]
"TkBellExe"="C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [2008-05-06 21:17 185896]
"combofix"="C:WINDOWSsystem32CF18768.exe" [2004-08-10 01:00 388608]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"swg"="C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe" [ ]

C:Documents and SettingsFamilyStart MenuProgramsStartup
OpenOffice.org 2.4.lnk - C:Program FilesOpenOffice.org 2.4programquickstart.exe [2008-03-17 10:39:12 393216]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"InstallVisualStyle"= C:WINDOWSResourcesThemesRoyaleRoyale.msstyles
"InstallTheme"= C:WINDOWSResourcesThemesRoyale.theme

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal4e1945fb]
@="Service"

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk
backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Reader Synchronizer.lnk
backup=C:WINDOWSpssAdobe Reader Synchronizer.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupATI CATALYST System Tray.lnk
backup=C:WINDOWSpssATI CATALYST System Tray.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupHP Digital Imaging Monitor.lnk
backup=C:WINDOWSpssHP Digital Imaging Monitor.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupHP Image Zone Fast Start.lnk
backup=C:WINDOWSpssHP Image Zone Fast Start.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupUpdates from HP.lnk
backup=C:WINDOWSpssUpdates from HP.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupWinZip Quick Pick.lnk
backup=C:WINDOWSpssWinZip Quick Pick.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^IMVU.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupIMVU.lnk
backup=C:WINDOWSpssIMVU.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupOpenOffice.org 2.0.lnk
backup=C:WINDOWSpssOpenOffice.org 2.0.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupOpenOffice.org 2.2.lnk
backup=C:WINDOWSpssOpenOffice.org 2.2.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupOpenOffice.org 2.3.lnk
backup=C:WINDOWSpssOpenOffice.org 2.3.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupOpenOffice.org 2.4.lnk
backup=C:WINDOWSpssOpenOffice.org 2.4.lnkStartup

[HKLM~startupfolderC:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:Documents and SettingsHP_AdministratorStart MenuProgramsStartupSpywareGuard.lnk
backup=C:WINDOWSpssSpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:Program FilesAdobeReader 8.0ReaderReader_sl.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAim6]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
--a------ 2005-05-03 18:43 69632 C:WINDOWSALCMTR.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlwaysReady Power Message APP]
--a------ 2005-08-02 19:19 77312 C:WINDOWSarpwrmsg.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAOL Fast Start]
--a------ 2005-07-12 01:17 50776 C:Program FilesAmerica Online 9.0AOL.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAOL Spyware Protection]
--a------ 2004-10-18 17:42 79448 C:PROGRA~1COMMON~1AOLAOLSPY~1AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAOLDialer]
-ra------ 2004-10-20 09:40 34904 C:Program FilesCommon FilesAOLACSAOLDial.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregATICCC]
--a------ 2005-08-10 03:33 61440 C:Program FilesATI TechnologiesATI.ACEcli.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregavgnt]
C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
--a------ 2004-08-10 01:00 15360 C:WINDOWSsystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDW4]
--a------ 2006-04-19 09:30 728176 C:Program FilesThe Weather Channel FWDesktop WeatherDesktopWeather.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreggoogletalk]
--a------ 2007-01-01 17:22 3739648 C:Program FilesGoogleGoogle Talkgoogletalk.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHostManager]
--a------ 2006-05-09 20:24 50760 C:Program FilesCommon FilesAOL1159195477eeAOLSoftware.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]
--a------ 2007-05-08 16:24 54840 C:Program FilesHPHP Software UpdateHPWuSchd2.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHPHUPD08]
c:Program FilesHPDigital Imaging{33D6CC28-9F75-4d1b-A11D-98895B3A3729}hphupd08.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIPHSend]
--a------ 2006-02-17 12:59 124520 C:Program FilesCommon FilesAOLIPHSendIPHSend.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSPM Startup]
--a------ 2004-07-27 19:50 221184 C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSScheduler]
--a------ 2004-07-27 19:50 81920 c:program filescommon filesinstallshieldupdateserviceissch.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
--a------ 2008-03-30 10:36 267048 C:Program FilesiTunesiTunesHelper.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKBD]
--a------ 2005-02-02 16:44 61440 C:HPKBDKBD.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKeyman.exe]
C:Program FilesTavultesoftKeymankeyman.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLSBWatcher]
--a------ 2005-05-10 13:50 253952 c:hpdrivershplsbwatcherlsburnwatcher.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregmcinfo_1209839008]
C:DOCUME~1HP_ADM~1LOCALS~1Tempmcinfo_1209839008.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
--a------ 2004-10-13 12:24 1694208 C:Program FilesMessengermsmsgs.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCDrProfiler]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPicasa Media Detector]
--a------ 2008-02-25 21:23 443968 C:Program FilesPicasa2PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
--a------ 2008-03-28 23:37 413696 C:Program FilesQuickTimeqttask.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
--a------ 2005-09-22 13:36 14854144 C:WINDOWSRTHDCPL.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:Program FilesSpybot - Search & DestroyTeaTimer.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:Program FilesJavajre1.6.0_05binjusched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregtgcmd]
--a------ 2006-06-02 15:09 1757184 C:Program FilesSupport.combintgcmd.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
--a------ 2008-05-06 21:17 185896 C:Program FilesCommon FilesRealUpdate_OBrealsched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregupdateMgr]
C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUserFaultCheck]
C:WINDOWSsystem32dumprep 0 -u

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVeoh]
--a------ 2008-04-01 18:35 3587120 C:Program FilesVeoh NetworksVeohVeohClient.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWindows Defender]
--a------ 2006-11-03 19:20 866584 C:Program FilesWindows DefenderMSASCui.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYahoo! Pager]
--a------ 2007-03-27 15:22 4670968 C:Program FilesYahoo!MessengerYahooMessenger.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"=
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"=
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"=
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"=
"C:\Program Files\America Online 9.0\waol.exe"=
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"=
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"=
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"=
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"=
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"=
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"C:\Program Files\Common Files\AOL\1159195477\EE\AOLServiceHost.exe"=
"C:\Program Files\Common Files\AOL\1159195477\EE\aolsoftware.exe"=
"C:\Program Files\Common Files\AOL\1159195477\EE\aim6.exe"=
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"C:\Program Files\Yahoo!\Messenger\YServer.exe"=
"C:\Program Files\Google\Google Talk\googletalk.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=
"C:\Program Files\Bonjour\mDNSResponder.exe"=
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"=
"C:\Program Files\AIM6\aim6.exe"=
"C:\Program Files\Tencent\QQ Games\QQGames.exe"=
"C:\Program Files\iTunes\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:Program FilesViewpointCommonViewpointService.exe" [2008-05-17 12:06]
S4 4e1945fb;Microsoft DDE+ server;C:WINDOWSsystem32.4e1945fb4e1945fb.exe []
S4 mnmsrvcBITS;NetMeeting Remote Desktop Sharing mnmsrvcBITS;C:WINDOWSsystem321031u.exe []

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2D]
ShellAutoRuncommand - C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 20:31:03 C:WINDOWSTasksAppleSoftwareUpdate.job"
- C:Program FilesApple Software UpdateSoftwareUpdate.exe
"2008-05-03 18:47:05 C:WINDOWSTasksMcDefragTask.job"
- c:PROGRA~1mcafeemqcQcConsol.exe'
"2008-05-03 18:47:03 C:WINDOWSTasksMcQcTask.job"
- c:PROGRA~1mcafeemqcQcConsol.exe
"2008-05-27 11:04:15 C:WINDOWSTasksMP Scheduled Scan.job"
- C:Program FilesWindows DefenderMpCmdRun.exe
"2008-05-27 00:54:36 C:WINDOWSTasksUser_Feed_Synchronization-{8D803DCF-B5C3-47A8-9C89-A2F41B06C11F}.job"
- C:WINDOWSsystem32msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 07:02:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:WINDOWSsystem32ati2evxx.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:Program FilesCommon FilesAOLACSAOLacsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltpspd.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSehomeehrecvr.exe
C:WINDOWSehomeehSched.exe
C:WINDOWSsystem32ati2evxx.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
C:PROGRA~1COMMON~1McAfeeMNAMcNASvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
C:PROGRA~1COMMON~1McAfeeMcProxyMcProxy.exe
C:PROGRA~1COMMON~1McAfeeRedirSvcRedirSvc.exe
C:PROGRA~1McAfeeVIRUSS~1Mcshield.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMpfSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSehomemcrdsvc.exe
C:PROGRA~1McAfeeMPSmpsevh.exe
C:WINDOWSsystem32dllhost.exe
C:PROGRA~1McAfee.comAgentmcagent.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:WINDOWSehomeehmsas.exe
C:Program FilesYahoo!MessengerYmsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-05-27 7:18:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 11:18:27
ComboFix2.txt 2008-05-27 04:36:05

Pre-Run: 180,346,707,968 bytes free
Post-Run: 180,329,902,080 bytes free

458 --- E O F --- 2008-05-23 00:56:32


==

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:59 AM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesMcAfeeMPSmpsevh.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSehomeehtray.exe
C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [OASClnt] C:Program FilesMcAfee.comVSOoasclnt.exe
O4 - HKLM..Run: [MSKDetectorExe] C:Program FilesMcAfeeSpamKillerMSKDetct.exe /uninstall
O4 - HKLM..Run: [MSKAGENTEXE] C:PROGRA~1McAfeeSPAMKI~1MskAgent.exe
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:program filesaolaim toolbar 5.0resourcesen-USlocalsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:PROGRA~1COMMON~1AOLAOLSPY~1\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 11603 bytes


==


Pancake - 27-5-2008 at 22:27

Please download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


SoeMyatThu - 28-5-2008 at 01:52




==xxoxx==


MBAM Quick Scan Log:


Malwarebytes' Anti-Malware 1.12
Database version: 793

Scan type: Quick Scan
Objects scanned: 48028
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USERSoftwareThe Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallWeather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionControl PanelCplswxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:Program FilesXP Cleaner (Rogue.XPCleaner) -> Quarantined and deleted successfully.

Files Infected:
C:Documents and SettingsHP_AdministratorDesktopservices.csv (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:Documents and SettingsHP_AdministratorDesktopservices.csv.xls (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:Documents and SettingsHP_AdministratorDesktopservices.ods (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


==

MBAM Full Scan Log:

Malwarebytes' Anti-Malware 1.12
Database version: 793

Scan type: Full Scan (C:|D:|)
Objects scanned: 234778
Time elapsed: 41 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:System Volume Information_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}RP370A0106856.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


==

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:02 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSarservice.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeMBKMBackMonitor.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesViewpointViewpoint ManagerViewMgr.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSExplorer.EXE
c:PROGRA~1mcafee.comagentmcagent.exe
C:Program FilesMcAfeeMPSmpsevh.exe
C:WINDOWSehomeehtray.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:WINDOWSeHomeehmsas.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesAmerica Online 9.0waol.exe
C:Program FilesAmerica Online 9.0shellmon.exe
C:HPKBDKBD.EXE
c:windowssystemhpsysdrv.exe
C:Program FilesJavajre1.5.0binjusched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
C:WINDOWSsystem32taskmgr.exe
C:WINDOWSsystem32taskmgr.exe
c:PROGRA~1mcafeemscmcuimgr.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 24.22.15.237:80
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier3.0.1225.9868swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [HPBootOp] "C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe" /run
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [MBkLogOnHook] C:Program FilesMcAfeeMBKLogOnHook.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [OASClnt] C:Program FilesMcAfee.comVSOoasclnt.exe
O4 - HKLM..Run: [MSKDetectorExe] C:Program FilesMcAfeeSpamKillerMSKDetct.exe /uninstall
O4 - HKLM..Run: [MSKAGENTEXE] C:PROGRA~1McAfeeSPAMKI~1MskAgent.exe
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [AOL Fast Start] "C:Program FilesAmerica Online 9.0AOL.EXE" -b
O4 - HKUSS-1-5-18..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:program filesaolaim toolbar 5.0resourcesen-USlocalsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAIM Toolbar 5.0aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4OFFICE11REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:Documents and SettingsHP_AdministratorStart MenuProgramsIMVURun IMVU.lnk
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207141972015
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:PROGRA~1COMMON~1AOLAOLSPY~1\aolserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:Program FilesMcAfeeMBKMBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 12242 bytes


==xxoxx==


Pancake - 28-5-2008 at 02:01

Are things any better?


SoeMyatThu - 28-5-2008 at 15:19

[quote][i]Originally posted by Pancake[/i]
Are things any better? [/quote]

==xxoxx==

I no longer see Problem Messages #1 through #8.

Problem Message #9 is still here. I do not know how to debug.

Adobe Flash Player does not work in Internet Explorer and AOL.

In the message field of an AIM instant message, an image is not showing. This is a very minor problem.

Thank you very much for your help. I can live with the present condition now.


==xxoxx==


Pancake - 28-5-2008 at 22:28

Ok. Maybe if you go into one of our other forums, they might be able to help with the rest of the problems...


This will clear away any of the files and folders that were created by ComboFix.

Go to Start > Run, then copy and paste the highlighted text below and click OK.

Quote:


ComboFix /u