confused and out of steam

Help, I too have a virus I cannot get rid of. I have run Avast in safe mode and moved any trojan found to the chest and still have the same problems when I reboot. I am receiving out-of-control popups, some just advertisements and some real eye-opening porn ads. I receive several Avast found-Trojan-virus alerts a day, and I move them to the chest when it lets me. I have also run steps 1, 2, 4 and 5 of SmitFraudFix.exe and I ran FixVundo. FixVundo claimed I was clean. I know I am not, as I am still getting pops galore and virus alerts and a very slowwww running computer. Here is a list of some of the viruses that have been detected, but this is just a small sample as I have been trying to fix this for some time now.
c:\system volume information_restore e{DDE3EB95-4B24-4D38-1F974B96C2FO}RP595\A0112546.exe is infected by Win32:small-AHY [trj],
another in the same file but ends with RP609\A0118594.exe is infected by win32:downloader-ID [trj]
c:\windows\system 32\nwinpmdt.exe. Win32:downloader-1B [trj]
c:\windows\system 32\xroomfb.dll malware name win32:Trojan-gen (other)
c:\docume~t\hp_owner\locals~1\temp\orikxrvx.exe malware name Win 32:Agent-Lap [trj}
I found and tried to follow help you gave to others that had similar-sounding problems to mine, but I encountered a problem there too… In step #2 it said to clean your temporary files by using Windows Advanced Care. When I went to the site to download it, a very tiny window opened very briefly in the upper left-hand corner of my screen… the upper line says HTT and the lower line of the box says unknown zone. My feeling is that it is the virus or trojan intercepting and somehow making the tools and programs I download to fix it not work for me. This has happened many times as I try to download fixes for this. Is it possible for it to intercept the downloads and make itself appear to be safe? Is this type of virus dangerous to my personal information on this computer? Please give me some ideas what I can do short of taking a torch to it! Thank you for your help, and I hope I made some sense at all.
Thank you
Susie

Hi, welcome to the forum. Let’s try and see what you have going on.

Download SUPERAntiSpyware

First update SAS. Then:

Under Configuration and Preferences, click the Preferences button.
Then click the Scanning Control tab.

Under Scanner Options make sure the following are checked

  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantine.

Leave the others unchecked.

Return to the main page by clicking Close on that screen. On the main screen, under Scan for Harmful Software, click Scan your computer. On the left, check C:\Fixed Drive (and other fixed drives).
Under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan.

When the scan is done, quarantine everything found. Reboot if asked. You can post the log in your next reply if you wish.

Click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon, then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

You may have to use multiple posts for the HijackThis log.
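A sketch of the first-pass review a helper makes on a HijackThis log before anything is fixed, added here as an example and not part of the original posts or of HijackThis itself. The four heuristics, the function names and the sample log lines are constructed for illustration; a flagged entry only means "look closer", since most entries are harmless or required.

```python
import re

# HijackThis log lines look like "<section code> - <details>".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autostart entries: "<location>: [<value name>] <command>".
# Startup-folder entries carry no [value name].
O4_RE = re.compile(r"^(?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
EXE_PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?[^",]+\.dll', re.IGNORECASE)
# Assumption: a '?' touching a letter inside a path stands for a character
# the log could not represent, which can hide a look-alike folder name.
ODD_CHAR_RE = re.compile(r"\?[A-Za-z]|[A-Za-z]\?")
# Windows system process names that normally live in \WINDOWS\system32.
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "smss.exe",
                "winlogon.exe", "services.exe", "svchost.exe"}

# Constructed sample in the HijackThis v2 log format (not a real log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: Example Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [a1b2c3d4] rundll32.exe "C:\WINDOWS\system32\qwxzvkpl.dll",b
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
O4 - HKCU\..\Run: [Abcd] "C:\PROGRA~1\EXAMPL~1\csrss.exe" -x
O4 - HKCU\..\Run: [Efgh] "C:\Program Files\?icrosoft\upd?te.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Example Organizer.lnk = ?
"""


def parse_entry(line):
    """Return (section code, target) for a log entry, None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O4":
        o4 = O4_RE.match(body)
        target = o4.group("cmd") if o4 else body
    else:
        # O2/O3 style: "<kind>: <name> - {CLSID} - <file>"; the file is last.
        target = body.split(" - ")[-1]
    return code, target


def review_reasons(code, target):
    """List the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    if target.endswith(("(no file)", "(file missing)")):
        reasons.append("registered file is missing")
    if code in ("O2", "O3", "O4") and ODD_CHAR_RE.search(target):
        reasons.append("'?' inside path (character the tool could not display)")
    if code == "O4":
        if RUNDLL_RE.search(target):
            reasons.append("autostart loads a DLL through rundll32")
        exe = EXE_PATH_RE.search(target)
        if exe:
            path = exe.group(1).lower()
            name = path.rsplit("\\", 1)[-1]
            if name in SYSTEM_NAMES and "\\windows\\system32\\" not in path:
                reasons.append("system process name outside system32")
    return reasons


def triage(log_text):
    """Return the entries of a log that need review, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = review_reasons(*entry)
        if reasons:
            findings.append({"code": entry[0], "target": entry[1],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["code"], item["target"], "->", "; ".join(item["reasons"]))
```
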

Thank you for the reply, Oldman, it gave me a place to start anyway. I ran SUPERAntiSpyware and have a long list of threats, about 214 or so, several being trojans…ugh! I will enclose that report in a separate reply as it is long. I was ready for the next step you gave me, where it says “Click here” to download HJTsetup.exe. I received this error message, and since I did not have a URL on this site I am not sure where to go from here; hopefully you can advise me.

Error 404 File Not found
You were referred from http://forum.avast.com/index.php?topic=31261.0 Your IP is: 75.140.17.71
We are very sorry for any inconvenience
you will find some things have been moved

please start from the Index page and follow the links from there

Thanks for visiting and we are still here to help you with your spyware & Virus problems

http://www.thespykiller.co.uk/

You were looking for /files/HJTsetup.exe This was most likely a file that was moved.
if the url was http://www.thespykiller.co.uk/files/name of file Please change files to filesold in the link to get to it
I'll go to a new reply page and paste the log to you from the antispyware check as well… Thank you for taking your time to help me!
Susie

Ok, you can get hijackthis here

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

This is my scan log from SUPERAntiSpyware, and I did quarantine all items, and there were a bunch!!! This log is so long I have to send it in 2 steps.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/02/2007 at 04:50 AM

Application Version : 3.9.1008

Core Rules Database Version : 3336
Trace Rules Database Version: 1337

Scan type : Complete Scan
Total Scan Time : 06:04:14

Memory items scanned : 592
Memory threats detected : 4
Registry items scanned : 6741
Registry threats detected : 50
File items scanned : 102452
File threats detected : 160

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\SSQQOPO.DLL
C:\WINDOWS\SYSTEM32\SSQQOPO.DLL
HKLM\Software\Classes\CLSID{232D2677-68EE-4FA1-B988-279EBC8969ED}
HKCR\CLSID{232D2677-68EE-4FA1-B988-279EBC8969ED}
HKCR\CLSID{232D2677-68EE-4FA1-B988-279EBC8969ED}\InprocServer32
HKCR\CLSID{232D2677-68EE-4FA1-B988-279EBC8969ED}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID{7953697B-BBF3-4277-8BD4-4EB843959415}
HKCR\CLSID{7953697B-BBF3-4277-8BD4-4EB843959415}
HKCR\CLSID{7953697B-BBF3-4277-8BD4-4EB843959415}\InprocServer32
HKCR\CLSID{7953697B-BBF3-4277-8BD4-4EB843959415}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID{89AD4D75-2429-462e-BD4E-443F233F6033}
HKCR\CLSID{89AD4D75-2429-462E-BD4E-443F233F6033}
HKCR\CLSID{89AD4D75-2429-462E-BD4E-443F233F6033}\InprocServer32
HKCR\CLSID{89AD4D75-2429-462E-BD4E-443F233F6033}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{232D2677-68EE-4FA1-B988-279EBC8969ED}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{7953697B-BBF3-4277-8BD4-4EB843959415}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{89AD4D75-2429-462e-BD4E-443F233F6033}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9E236271-0D05-4800-94DF-E16F7E061612}
HKCR\CLSID{9E236271-0D05-4800-94DF-E16F7E061612}
HKCR\CLSID{9E236271-0D05-4800-94DF-E16F7E061612}\InprocServer32
HKCR\CLSID{9E236271-0D05-4800-94DF-E16F7E061612}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDAYA.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E9BD0828-1FD9-410C-A50F-43EBE65D310F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{232D2677-68EE-4FA1-B988-279EBC8969ED}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ssqqopo
HKCR\CLSID{232D2677-68EE-4FA1-B988-279EBC8969ED}
HKCR\CLSID{89AD4D75-2429-462E-BD4E-443F233F6033}

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\MLJGF.DLL
C:\WINDOWS\SYSTEM32\MLJGF.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\YYTMRDFH.DLL
C:\WINDOWS\SYSTEM32\YYTMRDFH.DLL

Adware.ZenoSearch-NVON
C:\WINDOWS\SYSTEM32\LODSRNGL.EXE
C:\WINDOWS\SYSTEM32\LODSRNGL.EXE
[{D8-86-6F-F2-ZN}] C:\WINDOWS\SYSTEM32\LODSRNGL.EXE
C:\WINDOWS\Prefetch\LODSRNGL.EXE-2BD72C4F.pf

Trojan.ZenoSearch
[ExploreUpdSched] C:\WINDOWS\SYSTEM32\NWINPMDQ.EXE
C:\WINDOWS\SYSTEM32\NWINPMDQ.EXE
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\SYSTEM32\NWINPMDS.EXE
C:\WINDOWS\Prefetch\NWINPMDQ.EXE-09749224.pf

Adware.Tracking Cookie

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities
C:\WINDOWS\system32\stera.job

Adware.Web Buying
C:\Program Files\Web Buying\v1.8.1\wbuninst.exe
C:\Program Files\Web Buying\v1.8.1
C:\Program Files\Web Buying
HKU\S-1-5-21-4204567712-2704041500-816587294-1009\Software\WebBuying
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying#UninstallString

Adware.k8l
C:\PROGRAM FILES\MSN\PROMY.HTML

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\WNSTSICOMSV32.EXE

Trace.Known Threat Sources
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\72KJZXS9\rd-fakeout2-720x300[1].gif

Hi sasysusie

I’m not sure if you saw my post earlier regarding HijackThis, as I posted it while you were posting the SAS log. We’ve got a bit to do. After running SAS, have the popups slowed down?

Hi again… I just got home and yes, I see the address for HJT. Actually, since running SAS I've not had one popup, and the computer is running faster than it's run in days… I actually was able to host a cribbage tournament online and it all ran faster than it has in ages… so I still need to run HJT? I'm figuring I do… but so far sooo good!! Can’t thank you enough for your time and helpful information!
Thanks
Susie

Yes, there is probably more hidden away. So post the hjt log and we’ll take it from there.

BTW

After you have installed HJT, use windows explorer to navigate to the HJT folder and rename hijackthis.exe to hijacksusie.exe. Double click hijacksusie to run the program.

I’m at work right now but will have a look asap.

Geesh, and what a busy day… I'm back home again… I went to this site you gave me
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Once there it gave me three options… none of which say they are HJTsetup.exe, so I was not sure which I should use… I know I must seem very stupid about all this (and I am) but after all I've been through I do not want to make a mistake at this point… The three options it is giving me are…
Download HijackThis Installer, which gives me a run window of HJTInstall.exe, or
download HijackThis zip, with a window of highjackthis.zip (which I'm sure I do not use), and
HijackThis Executable, with the window of HijackThis.exe
When I did try the first option I did not see what you were talking to me about, the setup dialog boxes with Select Additional Tasks and so forth; it seemed to just want to take me to where I install and then run it… even if I saved it to the desktop… so I was just unclear, and maybe I just didn’t look far enough; as I said, after my encounter with these trojans I've gotten very leery on here! Since I was not sure I was at the right place, I did remove it from my programs to check with you, making sure I'm running the right thing.
Thank you yet again for your time and now your patience with me as well.
Susie

Hi sasysusie, select the installer (top) and run that; it will install HijackThis ready to run.

Well after all that typing…Thanks essexboy. :wink:

Thank you yet again for your time and now your patience with me as well

No problem ;D

I hate myself sometimes… I'm sooo unsure of myself! Oldman, how important is it to rename it? I'm ready to run it but you did say rename it first… I'd love to if I could find it to rename it! Sorry, and ty to essex as well now that they jumped in! :slight_smile:

Just run it; we will look at renaming if necessary later :wink:

Yesss, renamed it! Ran the scan and copied it to put here where you could look at the results… see, if you leave me alone long enough I figure it out :smiley: Looks like it's too long as well, so I will send it in 2 parts.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:48 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\keyexp\KEYEXP.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {b07dc602-3717-03ca-a334-514623705b2b} - {b2b50732-6415-433a-ac30-7173206cd70b} - C:\WINDOWS\system32\eleapuna.dll
O2 - BHO: 0 - {CD4C273E-98E3-48FB-A3AF-606E909668BE} - C:\Program Files\MSN\ladu.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM..\Run: [Reminder] “C:\Windows\Creator\Remind_XP.exe”
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM..\Run: [AOL Spyware Protection] “C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe”
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM..\Run: [Pure Networks Port Magic] “C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe” -Run
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158686903\ee\AOLSoftware.exe
O4 - HKLM..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [d43d865d] rundll32.exe “C:\WINDOWS\system32\angowvrm.dll”,b
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SpySweeper] “C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” /0
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU..\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU..\Run: [Srro] “C:\PROGRA~1\PPPATC~1\csrss.exe” -vt yazb
O4 - HKCU..\Run: [Pkzo] “C:\Program Files?icrosoft\d?dplay.exe”
O4 - HKCU..\Run: [Yahoo! Pager] “C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: Keyboard Express 2000.lnk = C:\Program Files\keyexp\KEYEXP.EXE
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lodsrngl.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinpmdq.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add To HP Organize… - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/eng/solitaire_2_0_0_28.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_75.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_33.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167880678454
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.33/g_bin/eng/mahjong_2_0_0_29.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gebbxyy - gebbxyy.dll (file missing)
O20 - Winlogon Notify: iiffecy - iiffecy.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Program Files\InterMute\SpySubtract\CWShredder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


End of file - 12234 bytes

And BTW… I've not had one pop up alllllll day!!! yippie! ;D

But alas they are still there

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: {b07dc602-3717-03ca-a334-514623705b2b} - {b2b50732-6415-433a-ac30-7173206cd70b} - C:\WINDOWS\system32\eleapuna.dll
O2 - BHO: 0 - {CD4C273E-98E3-48FB-A3AF-606E909668BE} - C:\Program Files\MSN\ladu.dll (file missing)
O4 - HKLM..\Run: [d43d865d] rundll32.exe “C:\WINDOWS\system32\angowvrm.dll”,b
O4 - HKCU..\Run: [Srro] “C:\PROGRA~1\PPPATC~1\csrss.exe” -vt yazb
O4 - HKCU..\Run: [Pkzo] “C:\Program Files?icrosoft\d?dplay.exe”
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lodsrngl.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinpmdq.exe
O20 - Winlogon Notify: gebbxyy - gebbxyy.dll (file missing)
O20 - Winlogon Notify: iiffecy - iiffecy.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Download ComboFix from Here or Here to your Desktop.

- Double-click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.

[Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.]

Yikes, I encountered a problem with the combo fix. I ran the combo fix and when it was done it rebooted my computer and on the reboot was working in the combo fix log… the problem was it stated not to run any programs until the log was finished… but upon the restart I have programs that automatically run… the whole thing stalled out at that point and never gave me a log… and never changed from a blue screen so I manually had to reboot… upon rebooting I did another hijack and have the log from that I can give you but unfortunately I do not have the one from the combofix since I never got it :( but here is the hijack log, it will come in 2 parts, it exceeds maximum allowed length!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14, on 2007-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\keyexp\KEYEXP.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\nda.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM..\Run: [Reminder] “C:\Windows\Creator\Remind_XP.exe”
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM..\Run: [AOL Spyware Protection] “C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe”
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM..\Run: [Pure Networks Port Magic] “C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe” -Run
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158686903\ee\AOLSoftware.exe
O4 - HKLM..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SpySweeper] “C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” /0
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU..\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU..\Run: [Yahoo! Pager] “C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: Keyboard Express 2000.lnk = C:\Program Files\keyexp\KEYEXP.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add To HP Organize… - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/eng/solitaire_2_0_0_28.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_75.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_33.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167880678454
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.33/g_bin/eng/mahjong_2_0_0_29.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Program Files\InterMute\SpySubtract\CWShredder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


End of file - 11435 bytes
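One way to confirm that the "Fix Checked" step above took effect is to compare the helper's fix list with the follow-up scan. This is an added example, not part of the original thread and not a HijackThis feature. The function names are hypothetical, the `FIX_LIST` and `RESCAN` lines are copied from the logs in this thread, and `STILL_PRESENT` is a constructed sample showing how a surviving entry would be reported.

```python
import re

# HijackThis result lines have the shape "<section> - <detail>", e.g. "O4 - Startup: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Forum software turns straight quotes into typographic ones; fold them back.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})

def normalize(detail):
    """Fold quotes, case and whitespace so a pasted copy still matches a fresh scan."""
    return " ".join(detail.translate(QUOTES).lower().split())

def parse_entries(log_text):
    """Map (section, normalized detail) -> original line; headers and process paths are skipped."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[(match.group(1), normalize(match.group(2)))] = line.strip()
    return entries

def verify_fix(fix_list, rescan):
    """Return (removed, remaining): fix-list entries absent from / still present in the rescan."""
    wanted, present = parse_entries(fix_list), parse_entries(rescan)
    removed = sorted(line for key, line in wanted.items() if key not in present)
    remaining = sorted(line for key, line in wanted.items() if key in present)
    return removed, remaining

# Four of the entries the helper asked to fix, copied from the thread.
FIX_LIST = r"""
O4 - HKLM..\Run: [d43d865d] rundll32.exe “C:\WINDOWS\system32\angowvrm.dll”,b
O4 - HKCU..\Run: [Srro] “C:\PROGRA~1\PPPATC~1\csrss.exe” -vt yazb
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinpmdq.exe
O20 - Winlogon Notify: gebbxyy - gebbxyy.dll (file missing)
"""

# Excerpt of the follow-up scan posted after the fix, copied from the thread.
RESCAN = r"""
Running processes:
C:\WINDOWS\system32\csrss.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Keyboard Express 2000.lnk = C:\Program Files\keyexp\KEYEXP.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Constructed sample: the same rescan with one fixed entry back, in straight quotes.
STILL_PRESENT = RESCAN + r'O4 - HKCU..\Run: [Srro] "C:\PROGRA~1\PPPATC~1\csrss.exe" -vt yazb' + "\n"

if __name__ == "__main__":
    for name, scan in (("posted rescan", RESCAN), ("constructed rescan", STILL_PRESENT)):
        removed, remaining = verify_fix(FIX_LIST, scan)
        print(f"{name}: {len(removed)} removed, {len(remaining)} still present")
        for line in remaining:
            print("  STILL PRESENT:", line)
```

An entry missing from the rescan only shows that the autostart reference is gone; the file it pointed to may still be on disk.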