ie opens program at startup -adware? trendmicro protection not helping, running trendmicro,deleted program files and computer is sticking
melanie_d
post Sep 23 2008, 10:05 PM
Post #1


New Member
Posts: 8
OS: windows xp



Hi All,
This is my first post- I usually can fix issues with my system by googling problems but since last week I feel at a complete loss. I got some sort of virus last week and couldn't disable the bios. I ended up having to use my system disk and restore it- which afterwards left me with an empty system- losing over 8 months of pictures of my kids and family. Anyway, now I installed my trendmicro and got my computer back but it's running very slow (I thought it would be so fast after having a clean slate). However, trendmicro is coming up warning of adware and IE keeps opening and saying a program is running but I can't even see it and at this point I've lost my desktop icons and my toolbar below- all I can see is the startuplist I ran from hijack this- I hope this will be enough for somebody to help me. I can't even right click and have anything come up on my desktop that way- so once I post this I will use good ole- ctrl,alt,delete and restart- at first my system will run but within the first few minutes I start losing everything. I'm posting below my list, please give me any ideas of what to do. I work from home using remote desktop so I really could use help soon but I understand this is all volunteer and I appreciate anyone's time. Thank you in advance!!! ps- I apologize for my rambling but I'm still really depressed about the loss of all my pics and other documents so going through this stuff again is frustrating the heck out of me....

I'm attaching what I hope is the hijackthis list you need and listing below the startup list.

Sorry- I'm editing and adding the things that have happened after rebooting:

this came up-

ie microsoft visual c++ runtime library error- app has request runtime to terminate
Address: http://freeonlinescanner9.com/2009/1/_free...php?id=77052204
Type: Adware / Joke Program / Cookies


StartupList report, 9/23/2008, 10:09:43 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
StacSysTray = C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
AGRSMMSG = AGRSMMSG.exe
PRONoMgrWired = C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AOL Spyware Protection = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
Pure Networks Port Magic = "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
pccguide.exe = "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
prunnet = "C:\DOCUME~1\Owner\LOCALS~1\Temp\prun.exe"
{37bf31b3-8145-d650-ec4b-7c404ca89a4d} = C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\posykepxnpnpgmm.dll" DllStub
9c614d6e = rundll32.exe "C:\WINDOWS\System32\rclprlks.dll",b
BM9f527ef2 = Rundll32.exe "C:\WINDOWS\System32\ishbpjyl.dll",s

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

OE = "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
prunnet = "C:\DOCUME~1\Owner\LOCALS~1\Temp\prun.exe"

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=zcsnvu.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sspipes.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Download Program Files:

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\OGACheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=67633

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/windowsupd...b?1221789930656

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

spyware just keep trying to come through too - now it says clickwwwsearch is attempting to open.

PLEASE SOMEBODY HELP!!!

--------------------------------------------------
End of report, 8,076 bytes
Report generated in 0.125 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

This post has been edited by melanie_d: Sep 23 2008, 10:38 PM
Attached File(s)
Attached File  hijackthis1.txt ( 7.7K ) Number of downloads: 5
 
emeraldnzl
post Sep 23 2008, 11:47 PM
Post #2


Trusted Helper
Posts: 2,352
OS: XP Pro



Hello melanie_d,

Welcome to Geekstogo.

I am having a look at your log and will get back to you in a bit.

regards
emeraldnzl

PS I have taken the liberty of posting your HijackThis log. It is easier to analyse this way. Please post your logs in future unless otherwise instructed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:35 PM, on 9/23/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [prunnet] "C:\DOCUME~1\Owner\LOCALS~1\Temp\prun.exe"
O4 - HKLM\..\Run: [{37bf31b3-8145-d650-ec4b-7c404ca89a4d}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\posykepxnpnpgmm.dll" DllStub
O4 - HKLM\..\Run: [9c614d6e] rundll32.exe "C:\WINDOWS\System32\rclprlks.dll",b
O4 - HKLM\..\Run: [BM9f527ef2] Rundll32.exe "C:\WINDOWS\System32\ishbpjyl.dll",s
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [prunnet] "C:\DOCUME~1\Owner\LOCALS~1\Temp\prun.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221789930656
O20 - AppInit_DLLs: zcsnvu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 7886 bytes
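
A triage sketch for the HijackThis log above, added here as an example; it is not part of the original thread and not HijackThis's own logic. It parses O4 autorun and O20 AppInit_DLLs lines and flags entries that warrant a closer look. The heuristics (Temp-directory targets, rundll32-launched DLLs, hex-like value names) and every function name are assumptions chosen for illustration, and a flag is a prompt for review, not a verdict. The sample lines are copied from the log in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [prunnet] "C:\DOCUME~1\Owner\LOCALS~1\Temp\prun.exe"
O4 - HKLM\..\Run: [{37bf31b3-8145-d650-ec4b-7c404ca89a4d}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\posykepxnpnpgmm.dll" DllStub
O4 - HKLM\..\Run: [9c614d6e] rundll32.exe "C:\WINDOWS\System32\rclprlks.dll",b
O4 - HKLM\..\Run: [BM9f527ef2] Rundll32.exe "C:\WINDOWS\System32\ishbpjyl.dll",s
O4 - HKCU\..\Run: [prunnet] "C:\DOCUME~1\Owner\LOCALS~1\Temp\prun.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O20 - AppInit_DLLs: zcsnvu.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# "O4 - <body>": section code, then the entry itself.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>.+?)\] (?P<cmd>.+)$"
)
TEMP_RE = re.compile(r"\\te?mp\\", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.I)
HEXISH_RE = re.compile(r"[0-9a-f]{8}", re.I)  # GUIDs and bare hex runs


@dataclass
class Finding:
    section: str        # HijackThis section code, e.g. "O4"
    location: str       # registry location the entry came from
    name: str           # autorun value name or setting name
    target: str         # command line or DLL list
    reasons: list[str]  # why the entry was flagged


def check_autorun(name: str, cmd: str) -> list[str]:
    """Return review reasons for one Run-key entry (illustrative heuristics)."""
    reasons = []
    if TEMP_RE.search(cmd):
        reasons.append("autorun target lives in a Temp directory")
    dll = RUNDLL_RE.search(cmd)
    if dll:
        reasons.append(f"DLL launched through rundll32: {dll.group('dll')}")
    if HEXISH_RE.search(name):
        reasons.append("value name looks machine-generated (GUID or hex run)")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Flag O4 Run entries and a non-empty O20 AppInit_DLLs, most reasons first."""
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        code, body = line.group("code"), line.group("body")
        if code == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # startup-folder shortcuts are not scored here
            reasons = check_autorun(run["name"], run["cmd"])
            if reasons:
                findings.append(Finding(
                    code, f"{run['hive']}\\{run['key']}",
                    run["name"], run["cmd"], reasons))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                # DLLs listed here load into every process that loads user32.dll.
                findings.append(Finding(
                    code, r"HKLM\..\Windows NT\CurrentVersion\Windows",
                    "AppInit_DLLs", dlls,
                    ["AppInit_DLLs is set; confirm each listed DLL is expected"]))
    return sorted(findings, key=lambda f: -len(f.reasons))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.location} [{f.name}] -> {f.target}")
        for reason in f.reasons:
            print(f"    - {reason}")
```
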
emeraldnzl
post Sep 24 2008, 12:15 PM
Post #3


Trusted Helper
Posts: 2,352
OS: XP Pro



Hello again melanie_d,

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Next

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Lastly in this post

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

So when you return please post
  • VundoFix text
  • LopR.txt
  • the two RSIT logs - log.txt and info.txt


melanie_d
post Sep 24 2008, 02:26 PM
Post #4


New Member
Posts: 8
OS: windows xp



First let me say thank you so much for your help and all of your work is greatly appreciated.

I checked for a response this morning and didn't see anything so I tried to boot up my computer and could no longer get past the log in area, it just kept me there -also, I couldn't even get to the screen of opening to safe mode SO I was forced to enter the restore disc and boot from there. I chose repair windows hoping to just be able to get on my computer. However, it looks like it's actually re-installing it. I'm on my other computer right now and it's old and very slow so I'm hoping the repair works- although I really don't think it will since I already have restored to the original system and lost everything once. Is it possible to have a virus/malware actually reinstall itself with a complete restore? or could it be from my router? As soon as it gets going I plan on reinstalling trend micro and hijack this. I was just wondering, in your opinion, should I still do all of the things you had requested? Also, do you know is there any way, even with the restore, to find my pics that were in there? I'm so sorry to be such trouble. I'm just really at a loss here.

This post has been edited by melanie_d: Sep 24 2008, 02:29 PM
emeraldnzl
post Sep 24 2008, 02:51 PM
Post #5


Trusted Helper
Posts: 2,352
OS: XP Pro



Hi melanie_d,

I am not sure what we can do about your pictures, I think you may have removed them when you reinstalled earlier on. We can have a look later.

Let's just concentrate on the problem of infection first.

Your machine has a Virtumonde or Vundo infection.

Usually this can be cleaned out without too much difficulty.

We need to run those tools outlined in my last post. I would do that first before reinstalling Trendmicro and HJT.

Once done reinstall those two. Doesn't matter though if you already have done.

regards
emeraldnzl
melanie_d
post Sep 24 2008, 04:12 PM
Post #6


New Member
Posts: 8
OS: windows xp



Hello again,

Vundo came back saying nothing was found.

I'm listing below the log from LOPR and attaching the other 2 logs (from RSIT)

Thanks again for everything.

--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : Rev 1.0
USER : Owner ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 55 Go Free : 50 Go
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( Wed 09/24/2008|16:57 )

--------------------\\ Listing folders in APPLIC~1

[09/18/2008|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/18/2008|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[09/18/2008|08:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[09/18/2008|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[09/24/2008|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ESET
[09/18/2008|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[09/24/2008|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[09/18/2008|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[09/18/2008|10:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[09/18/2008|08:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[09/18/2008|08:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[09/18/2008|08:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[09/22/2008|03:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trend Micro
[09/18/2008|08:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint

[09/18/2008|10:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[09/18/2008|10:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/18/2008|10:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[09/22/2008|12:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[09/22/2008|12:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[09/18/2008|08:27] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AOL
[09/18/2008|07:59] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HP
[09/18/2008|10:18] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[09/18/2008|08:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[09/23/2008|12:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[09/18/2008|10:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[09/18/2008|08:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/24/2008 03:57 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[03/31/2003 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/18/2008|10:36] C:\Program Files\<DIR> Adobe
[09/24/2008|11:44] C:\Program Files\<DIR> America Online 9.0
[09/18/2008|08:43] C:\Program Files\<DIR> AOL
[09/18/2008|08:29] C:\Program Files\<DIR> AOL Companion
[09/18/2008|08:23] C:\Program Files\<DIR> AOL Toolbar
[09/18/2008|10:24] C:\Program Files\<DIR> ATI Technologies
[09/22/2008|12:49] C:\Program Files\<DIR> Common Files
[09/18/2008|10:09] C:\Program Files\<DIR> ComPlus Applications
[09/18/2008|10:43] C:\Program Files\<DIR> CyberLink
[09/24/2008|01:01] C:\Program Files\<DIR> ESET
[09/18/2008|10:33] C:\Program Files\<DIR> Gateway
[09/18/2008|08:12] C:\Program Files\<DIR> Hewlett-Packard
[09/18/2008|08:16] C:\Program Files\<DIR> HP
[09/18/2008|10:43] C:\Program Files\<DIR> InstallShield Installation Information
[09/18/2008|10:28] C:\Program Files\<DIR> Intel
[09/18/2008|08:10] C:\Program Files\<DIR> Internet Explorer
[09/18/2008|10:51] C:\Program Files\<DIR> Java
[09/18/2008|08:23] C:\Program Files\<DIR> Learn2.com
[09/18/2008|10:09] C:\Program Files\<DIR> Messenger
[09/18/2008|10:07] C:\Program Files\<DIR> Microsoft ActiveSync
[09/18/2008|10:13] C:\Program Files\<DIR> microsoft frontpage
[09/18/2008|10:06] C:\Program Files\<DIR> Microsoft Office
[09/18/2008|10:55] C:\Program Files\<DIR> Microsoft Works
[09/18/2008|10:01] C:\Program Files\<DIR> Microsoft.NET
[09/24/2008|03:31] C:\Program Files\<DIR> Movie Maker
[09/18/2008|10:09] C:\Program Files\<DIR> MSN
[09/18/2008|10:09] C:\Program Files\<DIR> MSN Gaming Zone
[09/18/2008|10:39] C:\Program Files\<DIR> MUSICMATCH
[09/18/2008|10:10] C:\Program Files\<DIR> NetMeeting
[09/18/2008|10:10] C:\Program Files\<DIR> Online Services
[09/18/2008|10:50] C:\Program Files\<DIR> Outlook Express
[09/18/2008|10:30] C:\Program Files\<DIR> Phoenix Technologies Ltd
[09/18/2008|08:23] C:\Program Files\<DIR> Pure Networks
[09/18/2008|08:22] C:\Program Files\<DIR> QuickTime
[09/18/2008|08:21] C:\Program Files\<DIR> Real
[09/18/2008|10:41] C:\Program Files\<DIR> SIFXINST
[09/18/2008|10:26] C:\Program Files\<DIR> SigmaTel
[09/18/2008|10:43] C:\Program Files\<DIR> Synaptics
[09/23/2008|09:47] C:\Program Files\<DIR> Trend Micro
[09/18/2008|10:18] C:\Program Files\<DIR> Uninstall Information
[09/18/2008|08:23] C:\Program Files\<DIR> Viewpoint
[09/24/2008|03:28] C:\Program Files\<DIR> Windows Media Player
[09/18/2008|10:09] C:\Program Files\<DIR> Windows NT
[09/18/2008|09:08] C:\Program Files\<DIR> WindowsUpdate
[09/18/2008|10:13] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/22/2008|12:49] C:\Program Files\Common Files\<DIR> Adobe
[09/19/2008|06:15] C:\Program Files\Common Files\<DIR> AOL
[09/18/2008|08:27] C:\Program Files\Common Files\<DIR> aolback
[09/18/2008|08:23] C:\Program Files\Common Files\<DIR> aolshare
[09/18/2008|10:06] C:\Program Files\Common Files\<DIR> DESIGNER
[09/18/2008|08:08] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[09/18/2008|08:15] C:\Program Files\Common Files\<DIR> HP
[09/18/2008|10:30] C:\Program Files\Common Files\<DIR> InstallShield
[09/18/2008|10:51] C:\Program Files\Common Files\<DIR> Java
[09/18/2008|10:29] C:\Program Files\Common Files\<DIR> Lanovation
[09/18/2008|10:07] C:\Program Files\Common Files\<DIR> Microsoft Shared
[09/18/2008|10:10] C:\Program Files\Common Files\<DIR> MSSoap
[09/18/2008|08:22] C:\Program Files\Common Files\<DIR> Nullsoft
[09/18/2008|05:04] C:\Program Files\Common Files\<DIR> ODBC
[09/18/2008|08:22] C:\Program Files\Common Files\<DIR> Real
[09/18/2008|10:10] C:\Program Files\Common Files\<DIR> Services
[09/18/2008|08:15] C:\Program Files\Common Files\<DIR> Sonic Shared
[09/18/2008|05:04] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/18/2008|10:06] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 54 Processes )

iexplore.exe ~ [PID:2592]
iexplore.exe ~ [PID:3652]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Owner\Cookies\owner@adultfriendfinder[2].txt
C:\DOCUME~1\Owner\Cookies\owner@advertising[2].txt
C:\DOCUME~1\Owner\Cookies\owner@adin.bigpoint[2].txt
C:\DOCUME~1\Owner\Cookies\owner@bigpoint[2].txt
C:\DOCUME~1\Owner\Cookies\owner@us.seafight.bigpoint[2].txt
C:\DOCUME~1\Owner\Cookies\owner@us1.darkorbit.bigpoint[2].txt
C:\DOCUME~1\Owner\Cookies\owner@adopt.euroclick[2].txt
C:\DOCUME~1\Owner\Cookies\owner@us.seafight.bigpoint[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 16:58:17
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\bceMonmp.ini
C:\WINDOWS\system32\bceMonmp.ini2
==> VUNDO <==



[F:739][D:94]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:388][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:1594][D:5]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 09/24/2008|16:59 - Option : [1]

--------------------\\ Scan completed at 16:59:03

Attached File(s)
Attached File  info.txt ( 5.44K ) Number of downloads: 4
Attached File  log.txt ( 114.22K ) Number of downloads: 5
 
melanie_d
post Sep 24 2008, 07:10 PM
Post #7


New Member
Posts: 8
OS: windows xp



I'm having issue on issue it seems...now-I have a popup saying microsoft .net framework- an unhandled exception has occurred in a component in your application

details-
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
at HP.CUE.Video.PlaybackControl.UpdateProgressBar()
at HP.CUE.Video.PlaybackControl._ProgressTimer_Tick(Object sender, EventArgs e)
at System.Windows.Forms.Timer.OnTick(EventArgs e)
at System.Windows.Forms.Timer.Callback(IntPtr hWnd, Int32 msg, IntPtr idEvent, IntPtr dwTime)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.573
CodeBase: file:///c:/windows/microsoft.net/framework/v1.1.4322/mscorlib.dll
----------------------------------------
hpqimzone
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///C:/Program%20Files/HP/Digital%20Imaging/bin/hpqimzone.exe
----------------------------------------
hpqiface
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqiface/4.0.0.0__a53cf5803f4c3827/hpqiface.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.573
CodeBase: file:///c:/windows/assembly/gac/system.windows.forms/1.0.5000.0__b77a5c561934e089/system.windows.forms.dll
----------------------------------------
System.Drawing
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.573
CodeBase: file:///c:/windows/assembly/gac/system.drawing/1.0.5000.0__b03f5f7f11d50a3a/system.drawing.dll
----------------------------------------
System
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.573
CodeBase: file:///c:/windows/assembly/gac/system/1.0.5000.0__b77a5c561934e089/system.dll
----------------------------------------
hpqcc2
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqcc2/3.0.0.0__a53cf5803f4c3827/hpqcc2.dll
----------------------------------------
hpqutils
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqutils/4.0.0.0__a53cf5803f4c3827/hpqutils.dll
----------------------------------------
hpqfmrsc
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqfmrsc/4.0.0.0__a53cf5803f4c3827/hpqfmrsc.dll
----------------------------------------
hpqtray
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqtray/4.0.0.0__a53cf5803f4c3827/hpqtray.dll
----------------------------------------
hpqovskn
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqovskn/3.0.0.0__a53cf5803f4c3827/hpqovskn.dll
----------------------------------------
hpqimvlt
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqimvlt/3.0.0.0__a53cf5803f4c3827/hpqimvlt.dll
----------------------------------------
hpqimgrc
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqimgrc/4.0.0.0__a53cf5803f4c3827/hpqimgrc.dll
----------------------------------------
hpqntrop
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqntrop/4.0.0.0__a53cf5803f4c3827/hpqntrop.dll
----------------------------------------
Interop.hpqcxm08
Assembly Version: 3.0.0.0
Win32 Version: 53.0.13.000
CodeBase: file:///c:/windows/assembly/gac/interop.hpqcxm08/3.0.0.0__a53cf5803f4c3827/interop.hpqcxm08.dll
----------------------------------------
System.Xml
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.573
CodeBase: file:///c:/windows/assembly/gac/system.xml/1.0.5000.0__b77a5c561934e089/system.xml.dll
----------------------------------------
LEAD
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead/13.0.0.113__9cf889f53ea9b907/lead.dll
----------------------------------------
LEAD.Wrapper
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.wrapper/13.0.0.113__9cf889f53ea9b907/lead.wrapper.dll
----------------------------------------
LEAD.Windows.Forms
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.windows.forms/13.0.0.113__9cf889f53ea9b907/lead.windows.forms.dll
----------------------------------------
LEAD.Drawing
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.drawing/13.0.0.113__9cf889f53ea9b907/lead.drawing.dll
----------------------------------------
interop.hpqimgr
Assembly Version: 3.0.0.0
Win32 Version: 53.0.13.000
CodeBase: file:///c:/windows/assembly/gac/interop.hpqimgr/3.0.0.0__a53cf5803f4c3827/interop.hpqimgr.dll
----------------------------------------
hpqthumb
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqthumb/3.0.0.0__a53cf5803f4c3827/hpqthumb.dll
----------------------------------------
hpqasset
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqasset/4.0.0.0__a53cf5803f4c3827/hpqasset.dll
----------------------------------------
hpqmirsc
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///C:/Program%20Files/HP/Digital%20Imaging/bin/hpqmirsc.DLL
----------------------------------------
hpqedit
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqedit/3.0.0.0__a53cf5803f4c3827/hpqedit.dll
----------------------------------------
hpqvideo
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqvideo/3.0.0.0__a53cf5803f4c3827/hpqvideo.dll
----------------------------------------
LEAD.Windows.Forms.DrawingContainer
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.windows.forms.drawingcontainer/13.0.0.113__9cf889f53ea9b907/lead.windows.forms.drawingcontainer.dll
----------------------------------------
hpqmdmr
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqmdmr/4.0.0.0__a53cf5803f4c3827/hpqmdmr.dll
----------------------------------------
LEAD.Drawing.Imaging.ImageProcessing
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.drawing.imaging.imageprocessing/13.0.0.113__9cf889f53ea9b907/lead.drawing.imaging.imageprocessing.dll
----------------------------------------
hpqimlib
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqimlib/3.0.0.0__a53cf5803f4c3827/hpqimlib.dll
----------------------------------------
hpqglutl
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: file:///c:/windows/assembly/gac/hpqglutl/4.0.0.0__a53cf5803f4c3827/hpqglutl.dll
----------------------------------------
Interop.hpqvideo
Assembly Version: 3.0.0.0
Win32 Version: 53.0.13.000
CodeBase: file:///c:/windows/assembly/gac/interop.hpqvideo/3.0.0.0__a53cf5803f4c3827/interop.hpqvideo.dll
----------------------------------------

************** JIT Debugging **************
To enable just in time (JIT) debugging, the config file for this
application or machine (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the machine
rather than being handled by this dialog.



and a screen continues to pop up saying document viewer please wait while windows configures... and it never does complete- the other error then pops up.

I haven't made any changes so I'm just not sure what's going on...

I'm unable to do anything right now- man, I've never been so frustrated over my computer.
emeraldnzl
post Sep 25 2008, 05:26 PM
Post #8


Trusted Helper
Posts: 2,352
OS: XP Pro



Hello melanie_d,

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix.

Included in the tutorial are instructions for the installation of a recovery program if you don't already have it - Windows XP Recovery Console.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

When you reboot your computer after installation, you will see the additional option for the Recovery Console present. Don't select Recovery Console as we don't need it. It is only there for emergency recovery use. By default, your main OS is selected here. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Once you have completed installation of the Recovery Console:

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

  • Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
melanie_d
post Sep 25 2008, 11:59 PM
Post #9


New Member
*
Posts: 8
OS: windows xp



I've done all of the requested info and here are the results:

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:48 AM, on 9/26/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccmain.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bambanner browser enhancer - {d64bf51a-91e8-1a98-0e06-e7206ccaf9a0} - C:\WINDOWS\System32\posykepxnpnpgmm.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [{37bf31b3-8145-d650-ec4b-7c404ca89a4d}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\posykepxnpnpgmm.dll" DllStub
O4 - HKLM\..\Run: [9c614d6e] rundll32.exe "C:\WINDOWS\System32\xdvsjoig.dll",b
O4 - HKLM\..\Run: [BM9f527ef2] Rundll32.exe "C:\WINDOWS\System32\ykgnpugl.dll",s
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O