HiJackThis Log

Post by Ladyjasmine » April 7th, 2008, 12:39 pm

Windows Explorer and Windows Installer are not working. I've called Microsoft, but my problems are beyond their "free help" technicians. I have PCtools Internet Security Suite but have uninstalled it as it is not working. I've run A-Squared Scanner in Safe Mode hoping it would detect something, but it only detects cookies. Any help is greatly appreciated. Thank you for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:52 AM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{80663FC8-8DA7-467C-9B25-3C547456D653}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe

--
End of file - 3922 bytes
Ladyjasmine (Regular Member; Posts: 22; Joined: April 7th, 2008, 12:16 pm; Location: California Coastal Redwoods)

Re: HiJackThis Log

Post by dan12 » April 7th, 2008, 2:17 pm

Hi, and welcome to malwareremoval forums

I'm dan12, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default.)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
dan12 (MRU Honors Grad Emeritus; Posts: 6123; Joined: March 30th, 2006, 3:22 am; Location: Leicestershire)

Re: HiJackThis Log

Post by dan12 » April 7th, 2008, 2:31 pm

I believe we have some files hiding from us, we need to flush them out.

Please go to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe. Right-click on the HijackThis.exe file and select "Rename". Rename it removal.exe.

Then run HijackThis again and post a new log please.

Thanks dan
dan12 (MRU Honors Grad Emeritus; Posts: 6123; Joined: March 30th, 2006, 3:22 am; Location: Leicestershire)

Re: HiJackThis Log

Post by Ladyjasmine » April 7th, 2008, 3:01 pm

Okay, here it is. Thank you!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:14 PM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\removal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{80663FC8-8DA7-467C-9B25-3C547456D653}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe

--
End of file - 4072 bytes
Ladyjasmine (Regular Member; Posts: 22; Joined: April 7th, 2008, 12:16 pm; Location: California Coastal Redwoods)

Re: HiJackThis Log

Post by dan12 » April 7th, 2008, 4:15 pm

Hi, Ladyjasmine. I'm not seeing a lot in your log, but I'd like to run a few scans.

Download and Install CCleaner
  • Download CCleaner from here. Choose the Slim version.
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish

-------------------------------

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
(Do not use the Registry block to clean anything with this program. It is for experts only and it is risky.)
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

----------------------------------

Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.

-------------------------------

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Post a New HijackThis Log
Reboot your computer. Start HijackThis.
Click Do System Scan and Save a Log File.
When the scan is complete, select the whole log (Ctrl-A), copy it, and paste the log contents in a reply, along with the contents of CCleaner's install.txt from your desktop and the Malwarebytes log.
dan12 (MRU Honors Grad Emeritus; Posts: 6123; Joined: March 30th, 2006, 3:22 am; Location: Leicestershire)

Re: HiJackThis Log

Post by Ladyjasmine » April 7th, 2008, 6:47 pm

Here they are. Thank you. Windows Explorer and Windows Installer are still not working.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:38 PM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\removal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{80663FC8-8DA7-467C-9B25-3C547456D653}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe

--
End of file - 4127 bytes


CCleaner's install.txt
ABBYY FineReader 6.0 Sprint
Adobe Flash Player ActiveX
Apple Software Update
a-squared Anti-Malware 3.1
CCleaner (remove only)
DesignPro 5.0 Limited Edition
Enhancement Browser Tools Cpmsky
Eusing Free Registry Cleaner
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
Hoyle Casino 2003
HpSdpAppCoreApp
Intel(R) Extreme Graphics Driver
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Lame ACM MP3 Codec
Lexmark Photo Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual J# .NET Redistributable Package 1.1
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Panda ActiveScan 2.0
QuickTime
RecordNow!
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Update for Windows XP (KB920342)
Update for Windows XP (KB925876)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Visioneer LX200 Digital Camera
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live installer
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11


Malwarebytes' Anti-Malware 1.10
Database version: 598

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 148702
Time elapsed: 54 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Fonts\a.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
Ladyjasmine (Regular Member; Posts: 22; Joined: April 7th, 2008, 12:16 pm; Location: California Coastal Redwoods)

Re: HiJackThis Log

Post by dan12 » April 7th, 2008, 6:58 pm

You are sadly lacking in Windows updates. Do you have your system configured for automatic Windows updates?
I suggest you download all Windows updates.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.

====================

Notes: The first time that the Deckard scanner is run, the extra.txt is generated in a minimized window. The second time you will not obtain the extra.txt. You must go to Start => Run, copy "%userprofile%\desktop\dss.exe" /config into the line and click OK. You will receive a pop-up box with options to check for the Main log and Extra Log and Options.

Post me the logs.
dan12 (MRU Honors Grad Emeritus; Posts: 6123; Joined: March 30th, 2006, 3:22 am; Location: Leicestershire)

Re: HiJackThis Log

Post by Ladyjasmine » April 7th, 2008, 7:42 pm

I am set for automatic updates; as a matter of fact, I checked with Microsoft just 2 days ago to make sure I was current on my updates. According to my Add/Remove updates, I updated on 3/31/08. I will give Deckard's System Scanner a try, and then try to reinstall my updates. Thank you so very much for your time. You are GREAT!!! I uninstalled PCTools because it was not working right; I want to show you what a previous log looked like with the part that has PCTools. I don't know if that/this has anything to do with the update thing. Thank you so much again.

This is from HiJackFree on 4/01/04.
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
Ladyjasmine (Regular Member; Posts: 22; Joined: April 7th, 2008, 12:16 pm; Location: California Coastal Redwoods)

Re: HiJackThis Log

Post by Ladyjasmine » April 7th, 2008, 7:59 pm

WOW!!! I don't know what it means, but it doesn't look good! Thank you again for your time :)

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.53GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 759.48 MiB / 492.67 MiB
Pagefile Memory (total/avail): 1917.45 MiB / 1732.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.57 MiB

C: is Fixed (NTFS) - 34.2 GiB total, 9.68 GiB free.
D: is Fixed (FAT32) - 4.07 GiB total, 0.93 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 2F040L0 - 38.28 GiB - 2 partitions
\PARTITION0 - Unknown - 4.08 GiB - D:
\PARTITION1 (bootable) - Installable File System - 34.2 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - Lexmark USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe:*:Disabled:Symantec Removal Utility"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-2S4KN5K0H3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-2S4KN5K0H3
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-2S4KN5K0H3
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

a-squared Anti-Malware 3.1 --> "C:\Program Files\a-squared Anti-Malware\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Enhancement Browser Tools Cpmsky --> C:\WINDOWS\system32\cpmsky-uninst.exe
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type5460 / Warning
Event Submitted/Written: 04/07/2008 03:22:33 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80040154

Event Record #/Type5459 / Warning
Event Submitted/Written: 04/07/2008 03:21:50 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80040154

Event Record #/Type5457 / Error
Event Submitted/Written: 04/07/2008 03:21:00 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 489460778.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type5456 / Error
Event Submitted/Written: 04/07/2008 03:20:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module shdocvw.dll, version 6.0.2900.3020, fault address 0x00095fee.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type5449 / Error
Event Submitted/Written: 04/07/2008 11:50:38 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module shdocvw.dll, version 6.0.2900.3020, fault address 0x00095fee.
Processing media-specific event for [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type67584 / Warning
Event Submitted/Written: 04/07/2008 03:19:55 PM
Event ID/Source: 20169 / RemoteAccess
Event Description:
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.251.134 will be
assigned to dial-in clients. Clients may be unable to access resources on
the network.

Event Record #/Type67577 / Error
Event Submitted/Written: 04/07/2008 03:19:51 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Visioneer LX200 Video Capture service failed to start due to the following error:
%%1058

Event Record #/Type67557 / Error
Event Submitted/Written: 04/07/2008 00:14:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Visioneer LX200 Video Capture service failed to start due to the following error:
%%1058

Event Record #/Type67551 / Warning
Event Submitted/Written: 04/07/2008 10:45:57 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type67539 / Error
Event Submitted/Written: 04/07/2008 08:59:16 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Visioneer LX200 Video Capture service failed to start due to the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-04-07 16:50:36 ------------


Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-07 16:48:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
43: 2008-04-07 23:48:15 UTC - RP43 - Deckard's System Scanner Restore Point
42: 2008-04-07 19:47:01 UTC - RP42 - System Checkpoint
41: 2008-04-06 18:08:25 UTC - RP41 - Restore Operation
40: 2008-04-06 18:04:08 UTC - RP40 - Restore Operation
39: 2008-04-06 11:42:07 UTC - RP39 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-03-28 07:16:04 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:28 PM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UK9WHFKD\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{80663FC8-8DA7-467C-9B25-3C547456D653}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe

--
End of file - 4115 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080325-063925-104 O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
backup-20080325-063925-141 R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080325-063925-191 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
backup-20080325-063925-224 R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
backup-20080325-063925-460 O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
backup-20080325-063925-463 O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
backup-20080325-063925-534 O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
backup-20080325-063925-595 O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
backup-20080325-063925-637 O2 - BHO: (no name) - {33A1EB33-A60E-44F0-AFFC-96A35F01B8DE} - C:\WINDOWS\system32\urqRJYoN.dll (file missing)
backup-20080325-063925-694 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
backup-20080325-063925-705 O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
backup-20080325-063925-713 O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
backup-20080325-063925-727 O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
backup-20080325-063925-758 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
backup-20080325-063925-776 O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
backup-20080325-063925-796 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
backup-20080325-063925-926 O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
backup-20080325-063925-968 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
backup-20080325-064055-130 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
backup-20080325-064055-412 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
backup-20080325-064055-736 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
backup-20080325-064055-957 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
backup-20080325-064140-139 O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
backup-20080325-064208-864 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
backup-20080325-064444-332 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
backup-20080325-064444-588 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
backup-20080325-064444-919 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
backup-20080328-023256-224 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080328-023256-307 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080328-023256-486 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080328-023256-518 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080328-023256-696 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080328-023256-785 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
backup-20080328-023256-881 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080328-023620-147 O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
backup-20080328-023620-564 O20 - Winlogon Notify: cbXqOHYS - cbXqOHYS.dll (file missing)
backup-20080328-023620-809 O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_home
backup-20080328-023620-901 O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
backup-20080328-023824-485 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
backup-20080328-031515-275 O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
backup-20080328-031515-473 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20080328-031515-694 O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
backup-20080328-031533-315 O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
backup-20080328-031533-490 O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
backup-20080328-031548-852 O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
backup-20080328-041427-762 O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
backup-20080328-041446-453 O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
backup-20080328-041459-523 O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
backup-20080328-101805-512 O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
backup-20080329-081510-986 O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
backup-20080329-081651-693 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080329-081651-964 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080329-104844-794 O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
backup-20080329-142621-626 O4 - Global Startup: Microsoft Office.lnk = ?
backup-20080329-142621-735 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
backup-20080329-142623-530 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S2 CoachCap (Visioneer LX200 Video Capture) - c:\windows\system32\drivers\coachcap.sys <Not Verified; Zoran Microelectronics Ltd.; Zoran COACH>
S3 gtermddo - c:\docume~1\owner\locals~1\temp\gtermddo.sys (file missing)
S3 KBNTXP (Standard PS/2 Multi-Keyboard Filter Driver for WinXp) - c:\windows\system32\drivers\kbntxp.sys (file missing)
S3 P2k (Motorola iDEN P2k Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-28 09:31:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-07 and 2008-04-07 -----------------------------

2008-04-07 14:19:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-07 14:19:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 14:19:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 14:08:12 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-04-07 13:56:41 0 d-------- C:\Program Files\CCleaner
2008-04-06 14:56:14 0 d-------- C:\Program Files\Panda Security
2008-04-06 05:40:35 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-06 03:39:13 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-06 03:39:13 2550 --a------ C:\WINDOWS\unins000.dat
2008-04-06 03:10:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-03-31 22:18:55 0 d-------- C:\Documents and Settings\Owner\.limewire
2008-03-31 04:20:40 0 d-------- C:\Program Files\ACW
2008-03-30 19:34:22 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-30 19:31:59 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-30 18:43:57 0 d-------- C:\Program Files\MSECache
2008-03-29 20:18:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\PCToolsFirewallPlus
2008-03-29 20:18:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\PCToolsSpamMonitorPlus
2008-03-29 08:55:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-03-29 08:45:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-03-29 08:43:21 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-03-28 08:58:23 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-28 05:24:26 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-03-28 05:24:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-28 05:24:26 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-28 05:24:26 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-28 05:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-03-28 05:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-03-28 05:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-03-28 05:24:26 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-28 05:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-28 05:24:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-28 05:24:25 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-03-28 05:24:25 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-28 05:24:25 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-28 05:24:25 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-28 05:24:25 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-03-28 05:24:25 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-28 05:24:25 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-28 05:24:25 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-03-28 05:24:25 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-28 05:24:24 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-28 05:20:35 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-28 05:20:35 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-28 05:20:35 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-28 05:20:35 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-28 05:20:35 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-28 05:20:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-27 19:47:11 0 d-------- C:\Documents and Settings\Owner\Application Data\PCToolsSpamMonitorPlus
2008-03-27 19:18:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-03-27 19:18:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-03-27 19:14:37 0 d-------- C:\Program Files\PC Tools Internet Security
2008-03-27 12:21:18 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-03-26 15:00:36 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-03-26 12:17:40 32 --ahs---- C:\WINDOWS\system32\{80D76275-41FB-4A30-A274-4F388C93DEBB}.dat
2008-03-26 12:17:40 32 --ahs---- C:\WINDOWS\{193219E6-9149-436B-8376-3E73ECE41258}.dat
2008-03-26 12:16:15 32 --ahs---- C:\WINDOWS\system32\{64B0DB2A-9215-40CF-8587-0BB303F4F4E8}.dat
2008-03-26 12:16:15 32 --ahs---- C:\WINDOWS\{0EEC0737-EEF1-4FC2-BA1E-7BDD243670E2}.dat
2008-03-25 19:41:27 0 d-------- C:\Program Files\a-squared HiJackFree
2008-03-25 18:43:19 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-03-25 17:09:43 0 d-------- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
2008-03-25 08:03:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-25 06:02:36 0 d-------- C:\Program Files\Trend Micro
2008-03-25 03:28:45 0 d-------- C:\Program Files\Mamutu
2008-03-24 22:15:27 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-03-24 07:04:59 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-03-21 09:43:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 03:08:28 41472 --a------ C:\WINDOWS\system32\vtUmKBQJ.dll
2008-03-19 20:10:40 0 d-------- C:\Program Files\ReflexiveArcade
2008-03-19 15:36:07 298173 --ahs---- C:\WINDOWS\system32\NoYJRqru.ini2
2008-03-19 15:34:31 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-03-19 15:31:09 0 d-------- C:\WINDOWS\system32\aqVreo18
2008-03-19 15:07:51 40713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe


-- Find3M Report ---------------------------------------------------------------

2008-04-07 16:32:47 0 d-------- C:\Program Files\Lx_cats
2008-04-06 04:34:10 0 d-------- C:\Program Files\Common Files
2008-03-31 21:59:53 4001 --a----c- C:\WINDOWS\viassary-hp.reg
2008-03-28 09:09:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Comcast
2008-03-28 04:57:28 65424 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-03-27 19:03:43 0 d-------- C:\Program Files\PC-Doctor for Windows
2008-03-27 16:19:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-26 17:05:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-03-25 16:05:53 0 d-------- C:\Program Files\Real
2008-03-25 16:05:53 0 d-------- C:\Program Files\Common Files\Real
2008-03-24 11:22:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-21 23:19:34 0 d-------- C:\Program Files\NCH Swift Sound
2008-03-21 23:19:34 0 d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-03-21 23:15:23 0 d-------- C:\Program Files\ComcastToolbar
2008-03-19 18:29:34 0 d-------- C:\Program Files\WildTangent
2008-03-19 16:19:06 0 d-------- C:\Program Files\Common Files\scanner
2008-02-07 21:54:16 31 --a----c- C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 08:59 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [04/01/2008 06:29 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 01:43 PM]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [09/12/2003 08:13 PM]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 01:01 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 09:03 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [02/24/2006 02:07 PM]
"lxcjmon.exe"="C:\Program Files\Lexmark 8300 Series\lxcjmon.exe" [09/30/2005 07:49 AM]
"EzPrint"="C:\Program Files\Lexmark 8300 Series\ezprint.exe" [04/19/2006 06:57 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [11/07/2006 04:41 PM]
"MemoryCardManager"="C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe" [04/28/2003 06:29 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/27/2008 04:34 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqRJYoN.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe"




-- End of Deckard's System Scanner: finished at 2008-04-07 16:50:36 ------------
Ladyjasmine
Regular Member
 
Posts: 22
Joined: April 7th, 2008, 12:16 pm
Location: California Coastal Redwoods

Re: HiJackThis Log

Unread postby dan12 » April 8th, 2008, 2:25 am

Hi,
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

These are valid files.

I need to know a few things before we continue. Can you tell me what you have tried to resolve your issues, prior to posting?
Have you tried to fix entries with HJT? It's just so I'm aware of what's been carried out.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HiJackThis Log

Unread postby Ladyjasmine » April 8th, 2008, 5:16 am

Thank you for responding, again!!!
I have used HiJackThis, HiJackFree, SpyBot to try to fix my computer. I didn't write anything down at the time, so I don't know what all was deleted. I tried to play it safe as I am not familiar with the programs. I use A-Squared Security Center to scan for spyware. So far the quarantine has 131 files in it. I tried to print it, but was unable to do so. I originally had McAfee's, but that was deleted after I saw the mess I am in after a hijack log. Then I went to Norton's Internet Security Suite. That got infected files on it somehow. I think maybe during an update, not really sure. Then I went to PCtools, and that just stopped being useful. It would scan and not pick up a thing (I was really disappointed). I upgraded to Internet Explorer 7. Don't remember why, think there was a problem with the Internet Explorer version I was using. I tried to install Smitfraud but it was detected as spyware, so that never worked. I figured if the firewall says it is garbage, then it must be. I know I have tried one or two maybe three more programs, but don't know which ones. If I didn't use it, I deleted it last weekend (when Explorer and Installer were working). I now keep a log....this all started on March 26, 2008. Seeing as how Windows Installer and Windows Explorer are not working, I cannot install a lot of programs, seeing as how they depend on Windows Installer. I have talked to Microsoft 3 times about the issue, but they couldn't help me. I just left a big, long email to Microsoft Support about my Windows Installer and Windows Explorer issues. I expect a phone call tomorrow.
I have not looked at the online version of my hijack logs since I have received your help, so I don't know how many of the trojans/worms/viruses have been deleted. I do have the paths for where most of them are sitting. I think I still have the Explorer.EXE file/trojan/worm/viruses in Startup/system.ini/Shell/Explorer.EXE. I am hoping that is the problem with Windows Explorer.
Right at this moment I am looking for a virus scanner to install. Which is hard, seeing as how Windows Installer doesn't work. AVG didn't work, another error; this one about the registry key? I have decided that I need a tech book for XP, preferably the resource kit.
I don't know if this is the answer you were looking for, but I thought I better explain the full length version.
Thank you so very, very much for your help. I hope you have a great day.
Ginny
Ladyjasmine
Regular Member
 
Posts: 22
Joined: April 7th, 2008, 12:16 pm
Location: California Coastal Redwoods

Re: HiJackThis Log

Unread postby dan12 » April 8th, 2008, 6:08 am

Thanks for your reply. Whilst we're working on your problems please don't download any other tools, as this could well conflict with what I'm doing.
You have tried running many tools, which hasn't helped your situation.
Smitfraud is a good application if used correctly, but if you use it on a system that doesn't have that particular infection and you run step two, you can lose your desktop.
The reason the A/Vs flag its files is that they could be used for malicious intent by malware writers, but this is not the case here.
You have taken out a few files that are good; even if HJT says "missing file" it's not necessarily missing.
I will look over the returned logs and get back to you, hopefully later, to see which course of action we will take.
I'm presently working so it will be later.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HiJackThis Log

Unread postby dan12 » April 8th, 2008, 6:20 pm

Hi Ladyjasmine,

I have given your issues some thought and my best advice is for you to reformat this machine. I just wouldn't like to put a time limit on what we would need to get this system back to its usable state. Your use of p2p sites could well have been the beginning of your problems; although the sites can be clean, there is no saying about the source of the files you receive.

If Microsoft have been unable to get you straightened out on the Explorer and Installer issues, an area of high expertise for them, then it's beyond a few fixes by myself.
A lot of the powerful tools you have used on this to resolve your issues have destabilized your system, probably irreparably.
If you don't have an idea what you have removed, what chance have I?
It may have helped had you logged all you did when things started to deteriorate. I could spend weeks trying to get this right and still end up with a machine that doesn't operate correctly.

Have you backed up your data? I see you have a smaller drive. If you have backed up most of your data onto the smaller drive, then you could just format the larger partition and still save the data on the "D" partition.
If you have not been saving your data to the "D" partition, then you should start saving your important documents and pictures to CD, DVD, USB stick or an external drive, and then reformat and reinstall your operating system.
If you're not able to back up due to these issues, then your only option is to save your data by removing your HD and slaving it to another machine (this would require setting your HD's jumpers to "slave"), and then using the host machine to access the slaved drive and create the backups.

If that's too much for you to attempt, then you should take the HD into a local shop and have them pull off your data. Then you can reinstall your old HD (or better yet a new larger one) and reformat and do a fresh install of the OS. If you get a new HD, you could still install the old one as a slave, reformat it, and use it for data storage.
I'm sorry to have to give this news, but this is my honest opinion and in your best interest.
Regards dan :)
Last edited by dan12 on April 9th, 2008, 8:30 am, edited 1 time in total.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HiJackThis Log

Unread postby Ladyjasmine » April 8th, 2008, 8:09 pm

Dan,
I want to thank you for your help. I was hoping I would not have to format my hard drive. I only have my recovery disks that I made when I first got the computer; Windows XP was already installed. I will try to do a full recovery and see what happens. I don't have another computer that is working to make this hard disk a slave, but that is a good idea. I don't know why I didn't think of that earlier. I'll drop you a line after I attempt a system recovery. Never done it before, so we'll see what happens.
You have helped me so much and I thank you for your time. I hope you have a great day.
Ginny
Ladyjasmine
Regular Member
 
Posts: 22
Joined: April 7th, 2008, 12:16 pm
Location: California Coastal Redwoods

Re: HiJackThis Log

Unread postby dan12 » April 9th, 2008, 8:26 am

That's OK. I will keep the thread open for a short time, and I will post a link later for guidance in reformatting.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire