Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

unable to turn on automatic updates

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

unable to turn on automatic updates

Unread postby cjenkins » August 18th, 2008, 11:12 pm

hi,
I've got a notification that automatic updates is turned off and I'm not able to turn it on by following the instructions provided by WinXP. Browser loads webpages unexepectedly. Zone Alarm has found and deleted several malicious files but I don't feel malware is gone. My hijackthis log is below. Any/all help is appreciated. --Chris

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:18 PM, on 8/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Aimsoft\AIM Keys 5\AimKeys.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\CursorAttention\CursorAttention.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Web CEO\BIN\wsceokrnl.dll
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
F:\Chris\Downloads\Software\Full Versions\hijackthis\New Folder\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html ... &M=NX860XL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AIMKeys] C:\Program Files\Aimsoft\AIM Keys 5\AimKeys.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Web CEO] "C:\Program Files\Web CEO\BIN\webceo.exe" /hidetotray
O4 - HKCU\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Shortcut to CursorAttention.exe.lnk = C:\Program Files\CursorAttention\CursorAttention.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\APILOT\Application Data\Mozilla\Firefox\Profiles\onb6znxm.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\APILOT\Application Data\Mozilla\Firefox\Profiles\onb6znxm.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9607 bytes
cjenkins
Regular Member
 
Posts: 16
Joined: August 18th, 2008, 10:45 pm
Advertisement
Register to Remove

Re: unable to turn on automatic updates

Unread postby Shaba » August 20th, 2008, 5:47 am

Hi cjenkins

Does ZoneAlarm also have antivirus?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: unable to turn on automatic updates

Unread postby cjenkins » August 20th, 2008, 9:13 am

yes it does
cjenkins
Regular Member
 
Posts: 16
Joined: August 18th, 2008, 10:45 pm

Re: unable to turn on automatic updates

Unread postby Shaba » August 20th, 2008, 10:09 am

Thank you for information.

Rename HijackThis.exe to cjenkins.exe and post back a fresh HijackThis log :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: unable to turn on automatic updates

Unread postby cjenkins » August 20th, 2008, 11:09 am

Logfile of HijackThis v1.98.2
Scan saved at 11:05:06 AM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Aimsoft\AIM Keys 5\AimKeys.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\CursorAttention\CursorAttention.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Web CEO\BIN\wsceokrnl.dll
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\WINDOWS\system32\WISPTIS.EXE
F:\Chris\Downloads\Software\Full Versions\hijackthis\hijackthis\cjenkins.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html ... &M=NX860XL
O2 - BHO: (no name) - {0BC723F4-60E8-4388-AE62-011751CABF16} - C:\WINDOWS\system32\fccyaaAr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {E9BA1BCD-014D-4B7A-972C-3597D75EC0A0} - C:\WINDOWS\system32\vtUlLDUM.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Web CEO] "C:\Program Files\Web CEO\BIN\webceo.exe" /hidetotray
O4 - HKCU\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - Startup: Shortcut to CursorAttention.exe.lnk = C:\Program Files\CursorAttention\CursorAttention.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
cjenkins
Regular Member
 
Posts: 16
Joined: August 18th, 2008, 10:45 pm

Re: unable to turn on automatic updates

Unread postby Shaba » August 20th, 2008, 11:11 am

You sent HijackThis log taken with version 1.98.2

Please rename this F:\Chris\Downloads\Software\Full Versions\hijackthis\New Folder\hijackthis.exe to cjenkins.exe and post back a fresh HijackThis log with that version :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: unable to turn on automatic updates

Unread postby cjenkins » August 20th, 2008, 11:24 am

oops...hold on....
cjenkins
Regular Member
 
Posts: 16
Joined: August 18th, 2008, 10:45 pm

Re: unable to turn on automatic updates

Unread postby cjenkins » August 20th, 2008, 11:27 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:41 AM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Aimsoft\AIM Keys 5\AimKeys.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\CursorAttention\CursorAttention.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Web CEO\BIN\wsceokrnl.dll
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\WINDOWS\system32\WISPTIS.EXE
F:\Chris\Downloads\Software\Full Versions\hijackthis\New Folder\cjenkins.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html ... &M=NX860XL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BC723F4-60E8-4388-AE62-011751CABF16} - C:\WINDOWS\system32\fccyaaAr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {E9BA1BCD-014D-4B7A-972C-3597D75EC0A0} - C:\WINDOWS\system32\vtUlLDUM.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AIMKeys] C:\Program Files\Aimsoft\AIM Keys 5\AimKeys.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Web CEO] "C:\Program Files\Web CEO\BIN\webceo.exe" /hidetotray
O4 - HKCU\..\Run: [GBMHome8Agent] C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
O4 - HKUS\S-1-5-21-1183141855-3977862808-1708687539-1006\..\Run: [Power2GoExpress] NA (User '?')
O4 - HKUS\S-1-5-21-1183141855-3977862808-1708687539-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1183141855-3977862808-1708687539-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Shortcut to CursorAttention.exe.lnk = C:\Program Files\CursorAttention\CursorAttention.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\APILOT\Application Data\Mozilla\Firefox\Profiles\onb6znxm.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\APILOT\Application Data\Mozilla\Firefox\Profiles\onb6znxm.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: fccyaaAr - C:\WINDOWS\SYSTEM32\fccyaaAr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10881 bytes
cjenkins
Regular Member
 
Posts: 16
Joined: August 18th, 2008, 10:45 pm

Re: unable to turn on automatic updates

Unread postby Shaba » August 20th, 2008, 11:29 am

We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: unable to turn on automatic updates

Unread postby cjenkins » August 20th, 2008, 12:15 pm

I'm running XP sp3
The microsoft site doesn't list an option for that.
cjenkins
Regular Member
 
Posts: 16
Joined: August 18th, 2008, 10:45 pm

Re: unable to turn on automatic updates

Unread postby Shaba » August 20th, 2008, 12:51 pm

You can use SP2 one for recovery console; it will work.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: unable to turn on automatic updates

Unread postby cjenkins » August 20th, 2008, 1:26 pm

due to the fact that I've had compatibility issues with sp3 for some other things, I've now removed sp3
cjenkins
Regular Member
 
Posts: 16
Joined: August 18th, 2008, 10:45 pm

Re: unable to turn on automatic updates

Unread postby Shaba » August 20th, 2008, 1:32 pm

Thanks for the info.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: unable to turn on automatic updates

Unread postby cjenkins » August 20th, 2008, 3:13 pm

realized that I started the scan before I turned off zone alarm, which quarantined something during the scan so after the initial scan completed, I re ran the combo fix by double clicking on the combofix icon. the following is the log from the second scan


ComboFix 08-08-19.02 - APILOT 2008-08-20 14:40:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1478 [GMT -4:00]
Running from: C:\Documents and Settings\APILOT\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\winsusrm.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.

2008-08-18 10:53 . 2008-08-18 10:53 <DIR> d-------- C:\WTablet
2008-08-15 00:25 . 2008-08-15 00:25 0 --a------ C:\WINDOWS\system32\FaxMan
2008-08-15 00:24 . 2008-08-17 18:32 <DIR> d-------- C:\Program Files\Fax Machine
2008-08-13 04:50 . 2007-08-21 02:15 683,520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 04:50 . 2008-05-01 10:33 331,776 --a--c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-10 16:46 . 2008-08-10 16:46 <DIR> d-------- C:\Program Files\TouchGraph
2008-08-08 07:29 . 2008-08-08 07:29 <DIR> d-------- C:\Program Files\Microsoft adCenter Add-in for Excel 2.0 (Beta)
2008-08-08 07:26 . 2008-08-08 07:26 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-08-08 07:25 . 2008-08-08 07:25 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-08-08 07:24 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-08-05 20:46 . 2008-08-05 20:46 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-05 20:46 . 2008-08-05 20:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-08-05 20:45 . 2008-04-13 20:11 21,504 --a------ C:\WINDOWS\system32\drivers\hidserv.dll
2008-08-05 20:24 . 2007-08-31 15:13 1,421,736 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-05 20:24 . 2007-08-31 15:15 18,856 --a------ C:\WINDOWS\system32\drivers\nuidfltr.sys
2008-08-05 20:23 . 2008-08-05 20:24 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-08-04 21:39 . 2008-08-05 20:19 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-08-04 15:43 . 2008-08-20 14:45 <DIR> d-------- C:\Documents and Settings\APILOT\Application Data\WTablet
2008-07-28 16:35 . 2008-07-28 16:35 <DIR> d-------- C:\Documents and Settings\APILOT\Application Data\MailFrontier
2008-07-28 16:28 . 2008-08-20 14:47 20,138,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-28 16:28 . 2008-08-20 14:43 272,828 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-28 16:24 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-07-28 16:23 . 2008-08-20 13:09 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-07-28 16:23 . 2008-07-28 16:23 <DIR> d-------- C:\Program Files\Zone Labs
2008-07-28 16:23 . 2008-07-09 09:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-07-27 09:47 . 2008-07-27 09:47 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-23 16:46 . 2008-07-27 15:27 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\WTablet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 15:30 --------- d-----w C:\Program Files\SEOSpyGlass
2008-08-20 12:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\WTablet
2008-08-13 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-09 22:55 --------- d-----w C:\Documents and Settings\APILOT\Application Data\Apple Computer
2008-08-08 11:27 --------- d-----w C:\Program Files\MSBuild
2008-08-07 10:28 --------- d-----w C:\Program Files\WebSiteAuditor
2008-08-06 00:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 13:47 --------- d-----w C:\Program Files\Common Files\Real
2008-07-14 12:16 166,594 ----a-w C:\2008-07-14.zip
2008-07-10 04:19 --------- d-----w C:\Program Files\Java
2008-06-27 16:39 --------- d-----w C:\Documents and Settings\APILOT\Application Data\Report Viewer
2008-06-25 13:55 --------- d-----w C:\Documents and Settings\APILOT\Application Data\FireShot
2008-06-25 13:53 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\System Restore
2008-06-22 18:15 --------- d-----w C:\Program Files\CursorAttention
2008-06-22 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-22 16:21 --------- d-----w C:\Program Files\SlySoft
2008-06-22 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-12-05 19:55 56,912 ----a-w C:\Documents and Settings\APILOT\g2mdlhlpx.exe
2008-07-28 19:20 27,976 ------w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2008-07-28 19:20 125,848 ------w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
2008-07-28 19:20 98,712 ------w C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
2007-06-23 20:16 88 --sha-r C:\WINDOWS\system32\433045E7CD.sys
2007-06-23 20:16 3,452 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-20_14.13.10.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 02:10:48 94,920 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\cdm.dll
+ 2008-07-19 02:09:44 563,912 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wuapi.dll
+ 2008-07-19 02:10:42 53,448 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wuauclt.exe
+ 2008-07-19 02:09:42 1,811,656 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wuaueng.dll
+ 2008-07-19 02:09:46 325,832 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wucltui.dll
+ 2008-07-19 02:10:20 36,552 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wups.dll
+ 2008-07-19 02:10:40 45,768 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wups2.dll
- 2007-07-30 23:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-19 02:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-07-30 23:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 02:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-07-30 23:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-19 02:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 02:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 23:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 02:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 02:09:44 563,912 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.784\wuapi.dll
+ 2008-07-19 02:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 02:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2007-07-30 23:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-19 02:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-19 02:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-07-30 23:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-19 02:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2008-08-20 17:15:26 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
+ 2008-08-20 18:30:02 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2008-08-20 18:02:45 862,300 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-08-20 18:44:59 862,636 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Web CEO"="C:\Program Files\Web CEO\BIN\webceo.exe" [2007-11-06 12:28 497152]
"GBMHome8Agent"="C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-08-01 08:32 189056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 23:58 7581696]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 10:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 10:47 688218]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-09-14 16:00 577536]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 06:01 32768]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 01:42 212992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46 172032]
"AIMKeys"="C:\Program Files\Aimsoft\AIM Keys 5\AimKeys.exe" [2006-09-12 17:47 3510272]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-27 09:46 185896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 15:13 988584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-13 04:23 282624 C:\WINDOWS\stsystra.exe]
"nwiz"="nwiz.exe" [2006-07-20 23:58 1519616 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\APILOT\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
Shortcut to CursorAttention.exe.lnk - C:\Program Files\CursorAttention\CursorAttention.exe [2008-06-22 14:15:14 43008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-11 12:26:12 576104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyaaAr]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
--a------ 2004-02-08 19:30 73728 C:\Program Files\Gateway\GWCares\gwcares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2003-02-27 02:40 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2003-02-27 02:12 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 FAMv4;FAMv4;C:\WINDOWS\system32\DRIVERS\FAMv4.sys [2008-04-09 10:36]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 14:40]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 19:32]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 15:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 14:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 20:11]
S3 AnonMgmtSvc;Anonymizer Management Service;C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe [2007-10-22 05:14]
S3 OlCamudp;OLYMPUS Digital Camera;C:\WINDOWS\system32\Drivers\olcamudp.sys [2000-02-08 04:55]
.
Contents of the 'Scheduled Tasks' folder

2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-08-20 C:\WINDOWS\Tasks\GBMHome8 Task - apilot files(1).job
- C:\Program Files\Genie-Soft\GBMHome8\GBM8.exe [2008-08-01 08:32]

2008-08-20 C:\WINDOWS\Tasks\GBMHome8 Task - apilot files.job
- C:\Program Files\Genie-Soft\GBMHome8\GBM8.exe [2008-08-01 08:32]

2008-08-20 C:\WINDOWS\Tasks\McAfee.com Update Check (NT AUTHORITY-SYSTEM).job
- c:\PROGRA~1\mcafee.com\agent\mcupdate.exe []

2008-08-20 C:\WINDOWS\Tasks\McAfee.com Update Check (NT AUTHORITY-SYSTEM).job
- c:\PROGRA~1\mcafee.com\agent []

2008-08-20 C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-5E2704140D-Administrator).job
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe []

2008-08-20 C:\WINDOWS\Tasks\McAfee.com Update Check (YOUR-5E2704140D-Administrator).job
- C:\PROGRA~1\mcafee.com\agent []

2008-08-06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe []

2008-08-06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 15:13]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0BC723F4-60E8-4388-AE62-011751CABF16} - (no file)
BHO-{E9BA1BCD-014D-4B7A-972C-3597D75EC0A0} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\APILOT\Application Data\Mozilla\Firefox\Profiles\onb6znxm.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npkapanga.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 14:47:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\winsusrm.dll 264 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Aimsoft\AIM Keys 5\HookDll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Web CEO\BIN\wsceokrnl.dll
.
**************************************************************************
.
Completion time: 2008-08-20 14:58:46 - machine was rebooted [APILOT]
ComboFix-quarantined-files.txt 2008-08-20 18:58:22
ComboFix2.txt 2008-08-20 18:14:27

Pre-Run: 48,629,116,928 bytes free
Post-Run: 48,613,449,728 bytes free

266 --- E O F --- 2008-04-09 11:35:47
cjenkins
Regular Member
 
Posts: 16
Joined: August 18th, 2008, 10:45 pm

Re: unable to turn on automatic updates

Unread postby Shaba » August 20th, 2008, 3:53 pm

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware