help needed removing Rogue.BulletProof

Hi Tech. I use Windows XP SP3 and Malwarebytes picked up a Rogue.BulletProof File along with 6 HKEY registry keys as corrupted but I have tried removing this after scan is completed and Malwarebytes does not do so for me. I ran Avast normal scan through which showed as clear so stopped System Restore and rebooted then did an Avast shedule boot scan which went through to 99% and then opened my Windows again. That boot scan showed File c:\APPS\Star\soa-5-2-ga-bin-windows-en.exe[embedded_1#059072]\voslmsc.dll Error 42125 {zip archive is corrupted.}

File c:\WINDOWS\SoftwareDistribution\Download\94e2de28cb8ee27606822ca199876d4a\BIT1BTmp\legitcheckcontrol;dll Error 42127{CAB archive is corrupted}

File c:\WINDOWS\SoftwreDistribution\Download\e396fOc91o11c6e806853d791243a71c\BIT11.tmp\mpasbase.vdm Error 4127 {CAB archive is corrupted.}

File c:\WINDOWS\System32\Activescan\pav.zip

I shall copy/paste HijackThis in other post…How can I remove this Rogue please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:00 PM, on 24/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\DOCUME~1\loraine\LOCALS~1\Temp\SSUPDATE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.matilda.net.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Matilda Internet
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} -

C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection -

{53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot -

Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no

file)
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper -

{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl -

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar -

{3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program

Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM..\Run: [IntelliType] "C:\Program Files\Microsoft

Hardware\Keyboard\type32.exe"

O4 - HKLM..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark

X1100 Series\lxbkbmgr.exe"
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program

Files\Malwarebytes’ Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre6\bin\jusched.exe"
O4 - HKLM..\RunOnce: [Malwarebytes’ Anti-Malware] C:\Program

Files\Malwarebytes’ Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe”

/background
O4 - HKCU..\Run: [Update Service]

C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search

& Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -

res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -

res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -

res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot -

Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -

http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -

http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script

Runner Class) -

https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

http://207.188.7.150/23190461514bf361b004/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield

International Setup Player) -

http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} -

http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -

http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient

Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.ca

b
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} -

https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

http://www.adobe.com/products/acrobat/nos/gp.cab
O17 -

HKLM\System\CCS\Services\Tcpip..{D3E45EBA-DEF3-4064-909F-029B507EF8A2

}: NameServer = 220.157.86.3 220.157.86.38
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASKService - Unknown owner - C:\Program

Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software

  • C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner -

C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point

Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file - 9856 bytes

I’m not formally trained in reading these, but from what I see (and Google) it looks OK.
In your first post, you state that MBAM detected a trojan, can you post the full file name and path of the detection please.
Does the computer exhibit any unusual behaviour?
I note that you have (and had) quite a few security applications installed. What Symantec programs have been on the computer, and how were they removed?


Why all the spaces in the HJT log? ???

As it is now, it is hard to analyze.

Please post it just as it is in the resulting log.


Hello CharleyO. I shall have to do another Malwarebytes scan to take down the file name and path that showed as a problem to quarantine from scans done. Shall post findings tomorrow on this.

I did jot down from the Avast shedule boot scan and shared findings in my original post File c:\Apps\STAR\soa-5-2-ga-bin-windows-en.exe\ [embedded-1#o59072]voslmsc.dll Error 42125 {zip archive is corrupted.}

along with two other File c posted above if this helps guide you here…

My computer seemed to be running slow and is why I scanned using Malwarebytes then Avast otherwise I don’t have any other problems occuring I’ve noticed. It is the scans reading as there being a problem that was of concern now is all.

I did download a few programs in the past trying to remove a trojan and was posting here for guidance at the time as well and just kept those listed in the logfile. Nortons was my original Symantec virus protection and was not uninstalled that I recall. It simply ran out so I changed to using Avast.

copy/paste the HijackThis in next post for space reasons …thank you for your prompt response to help . Tiggers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:00 PM, on 24/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\DOCUME~1\loraine\LOCALS~1\Temp\SSUPDATE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.matilda.net.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEDEAT/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Matilda Internet
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar:

&Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM..\Run: [IntelliType] “C:\Program Files\Microsoft Hardware\Keyboard\type32.exe”
O4 - HKLM..\Run: [Lexmark X1100 Series] “C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe”
O4 - HKLM..\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM..\RunOnce: [Malwarebytes’ Anti-Malware] C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/23190461514bf361b004/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip..{D3E45EBA-DEF3-4064-909F-029B507EF8A2}: NameServer = 220.157.86.3 220.157.86.38
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file - 9856 bytes


An analysis of your HJT log shows the following problems :

C:\Program Files\AskBarDis\bar\bin\AskService.exe
Bad entry that should be fixed.
http://www.file.net/process/askservice.exe.html

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
Questionable entry that should be fixed.
http://www.what-is-exe.com/filenames/askbar-dll.html

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
Unnecessary (deactivated) entry that can be fixed. SDhelper.dll - Spybot - Search & Destroy

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Unnecessary (deactivated) entry that can be fixed.
http://www.spyandseek.com/Search.php?search_for=7E853D72-626A-48EC-A868-BA8D5E23E045&search=SAS-Search

O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
Questionable entry but it is related to ZoneAlarm. It has a different MD5 than the above askBar.dll entry. Removing this entry may effect ZoneAlarm in it’s present configuration.

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
Unnecessary (deactivated) entries that can be fixed. SDhelper.dll - Spybot - Search & Destroy

O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
Bad entry that should be fixed.
http://www.file.net/process/askservice.exe.html


What you SHOULD do In the first place is Stop running so much files At the same time.

It makes the CPU get hot THEN it shuts down some files to cool itself. (computer built-in feature)
And sometimes It even Shuts off System Files.

To remove files you Don’t need Follow these steps:

-Go to Start

-Look for Control Panel

-Open Add/Remove hardware Wizard In the Control Panel

-Remove files you Don’t Need for Example:

Tool Bars
Unnecessary Pictures
Internet History

And so on.

And Please! Stick with just 2 Antivirus Programs (more than 2 conflict problems)
And Update them Frequently.

Hope this Helps!

Pika

Thanks for guidance MastaPika and CharelyO. I have removed CCleaner and Spybot programs and shall check to clean further non used items shortly. I had kept those two programs updated but time to let them go.

I have downloaded Register Booster scanned and it showed 196 items but only able to fix/remove 15. Backed up registry first. As it is only able to part remove items I have followed on the other link shared by CharleyO and am going to run RegCure to see what shows up with that one for .dll issues. I have read good reports online about RegCure. Shall remove both programs after checking what RegCure shows in its scan.

Appreciated your help.

Tiggers

tiggers,
don’t be in too much of a hurry to remove Ccleaner, it’s a usefull program.
What MastaPika was probably referring to above was the number of running processes. Just because programs are installed, not all of them have to start with windows.
I would be very cautions about using any reg cleaners, unless you know what you are doing with the registry, and especially if the reg cleaner doesn’t default to backing up any changes made.
You are best to only run one AV (not two, as suggested above.)

Remove Norton from the control panel> add/remove programs. Download the Norton removal tool http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039 and run it to remove the leftovers.
Even if disabled, the leftovers will be causing a problem, and this could in large part be why your computer is slow.
Definitely follow the advice offered by CharleyO.

Have you updated Malwarebytes and ran a Full scan?

Hi tech helpers. I keep Malwarebytes up to date and always run full scans just to make sure thanks Tarq57.

I’m not sure if my RegBooster scan allowing me remove 15 problems yesterday or not but last night Malwarebytes successfully removed all shown problems re Rogue.BulletProof spyware/trojan. As I was about to log offline ZoneAlarm Firewall box came on asking me if I would accept or deny Lepps.exe as my server (or Lexpps.exe) I jotted down the former name and clicked deny as I’d not ever had that asked of me before. A google check showed others have had the same experience and is a possible spyware program even if having a Lexmark printer or not. Only my view from what I read here and techs may know otherwise but best not to deny.

copy/paste info of file path in next post
Tiggers

copy/paste file path and info Malwarebytes found and successfully removed…computer working well now.

The problem Malwarebytes logfile showed problems were-

Folder c:\Documents and Settings\my name\Application Data\ and numbers

File c:\WINDOWS\System32\bpssc1.1.dll

Registry Keys HKEY_CLASSES_ROOT\TypeLib\ and numbers

(3) Registry Keys HKEY_CLASSES_ROOT-Interface\ and numbers

and one CLSID

Thanks again for all who helped. :slight_smile:

Tiggers