Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Slow starting and firewall problem in my computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Slow starting and firewall problem in my computer

Unread postby booy3 » August 18th, 2007, 1:54 pm

Hi
When I turn on my computer It work very slowly.
And some time shows that firewall is off but, when I open the setting of it, it show on.
What should I do ?

Logfile of HijackThis v1.99.1
Scan saved at 08:31:23 م, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\WindowZones\WindowZones.sys
D:\Program Files\WindowZones\WindowZones.sys
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\WindowZones\WindowZones.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\Program Files\WindowZones\WindowZones.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\BURAQ\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.133.10:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.0.138;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - D:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [WindowZones] D:\Program Files\WindowZones\WindowZones.exe -startminimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: Download with &Shareaza - res://D:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe
O9 - Extra button: C-SMS - {C1E3533C-70F6-4f36-B97C-032C8A5EE759} - C:\Program Files\C-SMS\c-sms.exe (file missing)
O9 - Extra 'Tools' menuitem: Send an SMS using C-SMS - {C1E3533C-70F6-4f36-B97C-032C8A5EE759} - C:\Program Files\C-SMS\c-sms.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) - http://75.126.208.168/imscp/talkc38.cab
O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (ANB Direct) - http://www.anb.com.sa/onlinebanking/anb.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.244.90/talk.cab
O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} - http://voice4.emkanat.com/cp/files/talk3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E571A7F-F608-4B8F-8EDC-A32ED999DA3C}: NameServer = 212.93.192.4,212.93.192.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dha.aramco.com.sa
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dha.aramco.com.sa
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dha.aramco.com.sa
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~2\MSGRAP~1.DLL
O20 - Winlogon Notify: gebcd - C:\WINDOWS\
O20 - Winlogon Notify: nnnommm - nnnommm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\3dsmax7\brazil\sfmgr\sfmgr.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - D:\Program Files\WindowZones\WindowZones.sys
booy3
Active Member
 
Posts: 9
Joined: August 18th, 2007, 1:33 pm
Advertisement
Register to Remove

Unread postby booy3 » August 19th, 2007, 3:50 am

I can't wait. Plese tell me.
booy3
Active Member
 
Posts: 9
Joined: August 18th, 2007, 1:33 pm

Unread postby Elrond » August 21st, 2007, 12:30 pm

Hi and wellcome to Malware Removal Forum.

I'm Elrond, I'll be glad to help you with your computer problems.

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please only use this topic for your replies on this problem. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this problem on this computer.
These things need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.

Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note that you should have Administrator rights to perform the fixes. (XP accounts are Administrator by default) Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Please note that I will be off line for about 26 hours (sundown Friday until nightfall Saturday my local time) each week.

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.



I can see that you have more than one antivirus program running. This is a case where more is not better. The antivirus programs do hook deep;y into Windows and they can interfere with each other in unprdictable ways.
If you know how to remove the Antivirus programs that you do not want to use that is fine. Else we will discuss how to do so in the next post.


Your HijackThis is not the latest and it is not in a good place. The simplest way to correct this is to do the following.

Download and Run HijackThis
Download HJTInstall.exe to your Desktop.

  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required


Open "HijackThis". Click on "Open Misc.Tool Section".
Use the scroll bar on the right and scroll down to "Open Uninstall Manager". Click it.
On the right you will find "Save List". Click it.
The log that you just saved will appear.
Use "Copy" and "Paste" to add it to your next post.


Please run a new HijackThis scan and post the log together with the Uninstall list.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby booy3 » August 21st, 2007, 3:22 pm

3ds max 7
7-Zip 4.42
ACDSee 6.0 PowerPack
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 6.0
Adobe Premiere 6.0
Adobe Reader 7.0
Adobe Shockwave Player
Adobe SVG Viewer
Advanced RAR Repair v1.2
Advanced RealMedia Export Plug-in for Premiere 6.0
Advanced Zip Repair v1.6
Advanced Zip Repair v1.8
AmazingMIDI
Ant Renamer
Aspi Installer
AV Voice Changer Software 3.0
AVG Anti-Spyware 7.5
BearShare
BenVista PhotoZoom Pro 2.2.6
BitComet 0.73
BitComet Accelerator 3.2
BrainsBreaker
Cleaner 5 EZ
C-Media 3D Audio
C-Media WDM Audio Driver
DietMP3 V3.00.01
DivX Player
English
Extension Changer
Fake Webcam 2.9.16
FaxTools
File Transfer Plus 1.1 RELEASE
FLV Player
Game Maker 6.1
GoldWave v5.14
GTA LX
Hex Workshop v4.23
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HSP56 Modem Drivers
IsoBuster 2.1
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6
KGB Archiver 1.1.0.17
KGB Archiver 2
K-Lite Mega Codec Pack 3.3.0
Language pack for Ad-Aware SE
LeapFTP
Lexmark X1100 Series
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia FreeHand MXa
McAfee VirusScan Enterprise
Messenger Plus! 3
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Motocross Madness Trial
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
MIKSOFT Mobile AMR converter
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Card Reader
Need For Speed - Porsche Unleashed Demo
Nero 6 Ultra Edition
Nokia Connectivity Cable Driver
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries Multimedia Player
Nokia NSeries Music Manager
Nokia NSeries One Touch Access
Nokia NSeries System Utilities
Nokia PC Suite
Nokia Software Launcher
Nokia Software Updater
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
Paltalk Messenger
Paltalk Messenger
PBP Unpacker v0.94
PC Connectivity Solution
PowerDVD
PowerISO
PowerQuest PartitionMagic 8.0
PSP Brew 0.80
PSP Video 9 1.37
Quick Screen Recorder 1.5
QuickTime
Rapidown 5.9 SE - http://www.rapidown.com
Rapidshare Unlimited 2.0
RealPlayer
Reasonable NoClone 2007 Enterprise
Replay Converter 2.20
Rhapsody Player Engine
Ricochet Lost Worlds: Recharged
RM to MP3 Converter 1.32
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Save Flash 2.4.20
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update لـ Microsoft .NET Framework 2.0 (KB928365)‎
Shareaza الإصدار 2.2.5.5
SISXplorer
SmartMovie Converter
SmartMovie Converter (for Symbian phones)
SmartMovie Converter (Series 60)
SonicStage 4.0
Spyware Doctor 5.0
SpywareBlaster v3.5.1
Steinberg WaveLab 3.04c
StuffPlug-NG (Messenger Plus! Plugins)
SubFind 1.5
SubSync
SubSync (C:\Program Files\SubSync\)
Subtitle Workshop 2.51
Theme Editor 6600
TMPGEnc 3.0 XPress
TuneUp Utilities 2003
UHARC/GUI v3.06 Beta-3
Ulead COOL 360
Ulead Photo Explorer 8.5
Ulead PhotoImpact 10
Uniblue RegistryBooster 2
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
UniChrome IGP Driver and Utilities
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB938828)
VIA Rhine-Family Fast Ethernet Adapter
VobSub v2.23 (Remove Only)
Vocaboly 2.1
WebZIP
WinAVI
WinAVIVideoConverter
Window Washer
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 7 MUI
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WindowZones 1.0
WinRAR archiver
WinZip
YouTube Downloader 2.4
booy3
Active Member
 
Posts: 9
Joined: August 18th, 2007, 1:33 pm

Sorry

Unread postby booy3 » August 21st, 2007, 3:40 pm

I am so sorry

Wrong Place

I can not delete this post


:cry: :cry: :cry: I'm very sorry
booy3
Active Member
 
Posts: 9
Joined: August 18th, 2007, 1:33 pm

Unread postby booy3 » August 21st, 2007, 3:42 pm

3ds max 7
7-Zip 4.42
ACDSee 6.0 PowerPack
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 6.0
Adobe Premiere 6.0
Adobe Reader 7.0
Adobe Shockwave Player
Adobe SVG Viewer
Advanced RAR Repair v1.2
Advanced RealMedia Export Plug-in for Premiere 6.0
Advanced Zip Repair v1.6
Advanced Zip Repair v1.8
AmazingMIDI
Ant Renamer
Aspi Installer
AV Voice Changer Software 3.0
AVG Anti-Spyware 7.5
BearShare
BenVista PhotoZoom Pro 2.2.6
BitComet 0.73
BitComet Accelerator 3.2
BrainsBreaker
Cleaner 5 EZ
C-Media 3D Audio
C-Media WDM Audio Driver
DietMP3 V3.00.01
DivX Player
English
Extension Changer
Fake Webcam 2.9.16
FaxTools
File Transfer Plus 1.1 RELEASE
FLV Player
Game Maker 6.1
GoldWave v5.14
GTA LX
Hex Workshop v4.23
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HSP56 Modem Drivers
IsoBuster 2.1
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6
KGB Archiver 1.1.0.17
KGB Archiver 2
K-Lite Mega Codec Pack 3.3.0
Language pack for Ad-Aware SE
LeapFTP
Lexmark X1100 Series
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia FreeHand MXa
McAfee VirusScan Enterprise
Messenger Plus! 3
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Motocross Madness Trial
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
MIKSOFT Mobile AMR converter
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Card Reader
Need For Speed - Porsche Unleashed Demo
Nero 6 Ultra Edition
Nokia Connectivity Cable Driver
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries Multimedia Player
Nokia NSeries Music Manager
Nokia NSeries One Touch Access
Nokia NSeries System Utilities
Nokia PC Suite
Nokia Software Launcher
Nokia Software Updater
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
Paltalk Messenger
Paltalk Messenger
PBP Unpacker v0.94
PC Connectivity Solution
PowerDVD
PowerISO
PowerQuest PartitionMagic 8.0
PSP Brew 0.80
PSP Video 9 1.37
Quick Screen Recorder 1.5
QuickTime
Rapidown 5.9 SE - http://www.rapidown.com
Rapidshare Unlimited 2.0
RealPlayer
Reasonable NoClone 2007 Enterprise
Replay Converter 2.20
Rhapsody Player Engine
Ricochet Lost Worlds: Recharged
RM to MP3 Converter 1.32
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Save Flash 2.4.20
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update لـ Microsoft .NET Framework 2.0 (KB928365)‎
Shareaza الإصدار 2.2.5.5
SISXplorer
SmartMovie Converter
SmartMovie Converter (for Symbian phones)
SmartMovie Converter (Series 60)
SonicStage 4.0
Spyware Doctor 5.0
SpywareBlaster v3.5.1
Steinberg WaveLab 3.04c
StuffPlug-NG (Messenger Plus! Plugins)
SubFind 1.5
SubSync
SubSync (C:\Program Files\SubSync\)
Subtitle Workshop 2.51
Theme Editor 6600
TMPGEnc 3.0 XPress
TuneUp Utilities 2003
UHARC/GUI v3.06 Beta-3
Ulead COOL 360
Ulead Photo Explorer 8.5
Ulead PhotoImpact 10
Uniblue RegistryBooster 2
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
UniChrome IGP Driver and Utilities
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB938828)
VIA Rhine-Family Fast Ethernet Adapter
VobSub v2.23 (Remove Only)
Vocaboly 2.1
WebZIP
WinAVI
WinAVIVideoConverter
Window Washer
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 7 MUI
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WindowZones 1.0
WinRAR archiver
WinZip
YouTube Downloader 2.4
booy3
Active Member
 
Posts: 9
Joined: August 18th, 2007, 1:33 pm

Unread postby booy3 » August 21st, 2007, 4:04 pm

In Safe mode I have 2 accounts.
But in Normal only one
booy3
Active Member
 
Posts: 9
Joined: August 18th, 2007, 1:33 pm

Unread postby Elrond » August 21st, 2007, 5:49 pm

That is normal. I moved your misplaced posts here. That is why you see a double entry of the same post. Too late for me to start working on your log tonight. If I read your log correctly we are in the same time zone.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby booy3 » August 22nd, 2007, 7:10 am

Thanks for help again.
Thats was :oops:
booy3
Active Member
 
Posts: 9
Joined: August 18th, 2007, 1:33 pm

Unread postby Elrond » August 22nd, 2007, 3:05 pm

Saalam Aleiqum

That is about as much Arabic as I know which has given me a bit of problem because some of the programs on your computer are arabic programs.

So far I have not found many problems on your computer but there are a few points that are worth looking into.


I do not see a firewall on your computer. Are you running Windows Firewall or do you have a 3rd party firewall?

When does the firewall tell you that it is not on? Some firewalls do tell you that they are not running during part of the start up process.


You have a lot of p-2-p and filesharing programs on the computer. I have found the following:
Shareaza ??????? 2.2.5.5
Rapidown 5.9 SE - http://www.rapidown.com
Rapidshare Unlimited 2.0
BearShare
BitComet 0.73
BitComet Accelerator 3.2

Many filesharing programs are carrying infections. You can check them out here http://p2p.malwareremoval.com/

Even if they are clean they are a high risk for infections. Many of the files that are being posted on the internet file sharing sites are infected and will infect you computer. It is one of the most common ways of getting infected.

If you decide to remove one or more of them the easiest way to do so is to Click Start>Run type in appwiz.cpl and hit Enter. From the list above find the program you want to remove and highlight it. Click Remove. Once you have finished removing the programs you want to remove please close the Add/Remove list. Restart the computer.

Under all circumstances please do not use any one of those programs while we are cleaning up.


In my last post I asked you to do a new HijackThis scan.
Please do so now and post the log in your next post. That way I can see what needs to be done next.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby booy3 » August 22nd, 2007, 4:26 pm

I am running Windows Firewall

Some firewalls do tell you that they are not running during part of the start up process.


Is Windows Firewall one of them ?
booy3
Active Member
 
Posts: 9
Joined: August 18th, 2007, 1:33 pm

Unread postby Elrond » August 22nd, 2007, 11:07 pm

Not sure and can not test it at the moment as I am running another firewall that would interfer with it if I tried.
Try telling me what you are doing on the computer at the time you see the warning about the firewall not being on.

The most important at the moment is that you post a new HijackThis log so that I can see where we are at now.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby booy3 » August 23rd, 2007, 7:38 am

I know now. My firewall shows off in the start up process.
I want now to check if my computer clean or not?
because my start up now is normal.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:36:03 م, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\WindowZones\WindowZones.sys
D:\Program Files\WindowZones\WindowZones.sys
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\WindowZones\WindowZones.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
D:\Program Files\WindowZones\WindowZones.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.133.10:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.0.138;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - D:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [WindowZones] D:\Program Files\WindowZones\WindowZones.exe -startminimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: Download with &Shareaza - res://D:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) - http://75.126.208.168/imscp/talkc38.cab
O16 - DPF: {630F2610-7654-11D1-83E3-0080C71A8794} (ANB Direct) - http://www.anb.com.sa/onlinebanking/anb.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.244.90/talk.cab
O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} - http://voice4.emkanat.com/cp/files/talk3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E571A7F-F608-4B8F-8EDC-A32ED999DA3C}: NameServer = 212.93.192.4,212.93.192.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dha.aramco.com.sa
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dha.aramco.com.sa
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dha.aramco.com.sa
O20 - Winlogon Notify: gebcd - C:\WINDOWS\
O20 - Winlogon Notify: nnnommm - nnnommm.dll (file missing)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\3dsmax7\brazil\sfmgr\sfmgr.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - D:\Program Files\WindowZones\WindowZones.sys

--
End of file - 10081 bytes
booy3
Active Member
 
Posts: 9
Joined: August 18th, 2007, 1:33 pm

Unread postby Elrond » August 23rd, 2007, 9:40 am

I do not see anything that points to an infection but I would like to ask a question, run two scans and do some housekeeping cleanup.


  1. Do you use a proxy server and if so is it situated in Australia. If you do not know that is OK.
  2. Press Control-Alt-Del to enter the Task Manager.

    Click on the Processes tab and end the following process:
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    Exit the Task Manager when finished.

  3. Open HijackThis and click "Do a System Scan Only" or "Scan". Put a check mark by the items that are listed below.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    Close all open windows except HijackThis and then click the "Fix checked" button.
  4. Restart the computer.
  5. AVG Anti-Spyware - 1st Part

    You already have AVG Antispyware on your computer. Please open the it now and update the program by doing the following:
    • Click the Update icon at the top and under Manual Update click the Start update button.
    • The program will either update or inform you that no update was available.
    • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).


    Please set up the program as follows:
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act? - make sure that Quarantine is selected.
      • Under How to scan? - All checkboxes should be ticked.
      • Under Possibly unwanted software - All checkboxes should be ticked.
      • Under Reports - Select Do not automatically generate reports.
      • Under What to scan? - Select Scan every file.
    Close all open windows.

    AVG Anti-Spyware - 2nd Part

    • Click on Scanner on the toolbar.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan your computer.
    • When the scan has finished, follow the instructions below:
      • Make sure that Set all elements to: shows Quarantine
      • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
      • When the program has finished, it will display the message All actions have been applied.
      • Then click the Save Scan Report button.
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Tray Icon and select Exit.
    • Now copy the report back to this topic.
  6. Go here to run an online scannner from Kaspersky.

    • Click on "Kaspersky Online Scanner"
    • A new smaller window will pop up. Press on "Accept". After reading the contents.
    • Now Kaspersky will update the anti-virus database. Let it run.
    • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
    • Then click on "My Computer", and the scan will start.
    • Once finished, save the log as "KAV.txt" to the desktop.
  7. Run a new HijackThis scan and post the log together with the log from AVG Antispyware and from the Kaspersky scan. Please also give me an answer to my question.


If the logs come back clean I will give you some tips on how to stay clean and that will be it. :)
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby NonSuch » September 4th, 2007, 5:07 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 303 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware