Slow Computer: Low Virtual Memory [Resolved], Virtual Memory errors, very slow processing - Windows 2000 system
eufouria
post Jul 4 2007, 04:14 PM
Post #1


Member

I've had excellent advice on here before which helped me clean up a lot of issues on my computer, now I need some help with another one, please. This is a Microsoft Windows 2000 system.

CCleaner was done which removed a LOT and at least allowed the other scans. AVG was downloaded but wouldn't function, SUPERAntiSpyware was downloaded and run on 6/23 (log listed below) which took FOREVER to run - computer hasn't been back on again for any usage until today. I ran a HiJackThis log (log below) today. Note that I had re-named the HiJackThis exe to something else to try and catch all the information it could. When I turned on this machine today, there was an error message that said the virtual memory was being expanded as the computer was low. Windows updates were done, but the online Panda scan wouldn't complete, so there's no log to share for that.

Thanks!

---------------------------------

SUPERAntiSpyware Scan Log
Generated 06/23/2007 at 07:44 PM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 03:25:07

Memory items scanned : 352
Memory threats detected : 0
Registry items scanned : 3908
Registry threats detected : 100
File items scanned : 23362
File threats detected : 8

Adware.Avenue Media/Internet Optimizer
HKLM\Software\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\InprocServer32
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\InprocServer32#ThreadingModel
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\ProgID
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\Programmable
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\TypeLib
HKCR\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\VersionIndependentProgID
C:\WINDOWS\NEM220.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}
HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\ProxyStubClsid
HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\ProxyStubClsid32
HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\TypeLib
HKCR\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\TypeLib#Version
HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}
HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0
HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\0
HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\0\win32
HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\FLAGS
HKCR\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\HELPDIR

Adware.IST/YourSiteBar
HKLM\Software\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}
HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}
HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\Implemented Categories
HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\InprocServer32
HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\InprocServer32#ThreadingModel
HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\ProgID
HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\Programmable
HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\TypeLib
HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\VersionIndependentProgID
C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKCR\Ysb.YsbObj.1
HKCR\Ysb.YsbObj
HKCR\TypeLib\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKU\S-1-5-21-776561741-492894223-1060284298-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{86227D9C-0EFE-4F8A-AA55-30386A3F5686}
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\ProxyStubClsid
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\ProxyStubClsid32
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\TypeLib
HKCR\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}\TypeLib#Version
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\ProxyStubClsid
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\ProxyStubClsid32
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\TypeLib
HKCR\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}\TypeLib#Version
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}\1.0
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}\1.0\0
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}\1.0\0\win32
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}\1.0\FLAGS
HKCR\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}\1.0\HELPDIR

BHObj Class BHO
HKLM\Software\Classes\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32#ThreadingModel
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\ProgID
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\Programmable
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\TypeLib
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\VersionIndependentProgID
C:\WINDOWS\WSEM303.DLL

Adware.180solutions/Search Assistant
HKCR\MediaGatewayX.Installer
HKCR\MediaGatewayX.Installer\CLSID
HKCR\MediaGatewayX.Installer\CurVer
HKCR\MediaGatewayX.Installer.1
HKCR\MediaGatewayX.Installer.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}

Adware.Surf Accuracy
HKLM\Software\SAcc
HKLM\Software\SAcc#accid
HKLM\Software\SAcc#subaccid
HKLM\Software\SAcc#Version
HKLM\Software\SAcc#InstallDate
HKLM\Software\SAcc#DbgInfo
HKLM\Software\SAcc#srecovery
HKLM\Software\SAcc#CfgReloadAttempts
HKLM\Software\SAcc#CfgReload
HKLM\Software\SAcc#SAData
HKLM\Software\SAcc#Counter
HKLM\Software\SAcc#NextInvoke
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAcc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAcc#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAcc#UninstallString

Adware.180solutions/ZangoSearch
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0\0
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0\0\win32
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0\FLAGS
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0\HELPDIR

Trojan.WinFixer 2006
HKCR\UWFX6PCheck.UWFX6PCheck.1
C:\Program Files\Common Files\WinFixer 2006
C:\WINDOWS\system32\drivers\d_kmd.sys

Adware.IST/SaferScan
C:\Documents and Settings\user\Start Menu\Programs\SaferScan\SaferScan.lnk
C:\Documents and Settings\user\Start Menu\Programs\SaferScan

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-776561741-492894223-1060284298-1000\Software\Microsoft\Internet Explorer\Main#BandRest [ ]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ ]

Adware.180solutions/Seekmo
HKCR\seekmohook.SABHO
HKCR\seekmohook.SABHO\CLSID
HKCR\seekmohook.SABHO\CurVer
HKCR\seekmohook.SABHO.1
HKCR\seekmohook.SABHO.1\CLSID

Trojan.WinFixer
C:\PROGRAM FILES\YAHOO!\YPSR\QUARANTINE\PPQ73.TMP

---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:49:46 PM, on 7/4/2007
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hidserv.exe
C:\WINDOWS\System32\lxbmcoms.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\WINDOWS\loadqm.exe
C:\Program Files\Lexmark 4200 Series\lxbmmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Crusty\Crusty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {35955D7B-092A-49D7-927F-2D67FD6EE929} - C:\WINDOWS\System32\mmpdoqoh.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\gltvj.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [lxbmmon.exe] "C:\Program Files\Lexmark 4200 Series\lxbmmon.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series Fax Server] "C:\Program Files\Lexmark 4200 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144621971030
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: oppno - C:\WINDOWS\System32\oppno.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbm_device - - C:\WINDOWS\System32\lxbmcoms.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

kahdah
post Jul 7 2007, 07:50 PM
Post #2
GeekU Teacher

Hello eufouria, welcome to G2Go.
I will be helping you with your Malware problem.

Please download OTMoveIt by OldTimer.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

After that please re-open Hijackthis and place a check mark next to these entries listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {35955D7B-092A-49D7-927F-2D67FD6EE929} - C:\WINDOWS\System32\mmpdoqoh.dll (file missing)
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\gltvj.exe
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan
O20 - Winlogon Notify: oppno - C:\WINDOWS\System32\oppno.dll (file missing)


Now click on Fix Checked and then close Hijackthis.
=====================================================
After that, please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\SurfAccuracy
    C:\WINDOWS\gltvj.exe
    C:\Program Files\WinFixer_2006


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
    Click "Exit" to close OTMoveIt.

    **When ready to reply on the forum, please paste the content of the latest log, which is located at the root of the drive where OTMoveIt is installed, usually at:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================================================================
After reboot do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back with these logs:
Otmoveit log
Kaspersky log
new Hijackthis log
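The HijackThis logs in this thread, and the fix list kahdah built from the first one, are read by eye: the helper picks out "(file missing)" entries, an unnamed BHO, an autorun with a random name living in C:\WINDOWS, and the Run keys that belong to the products SUPERAntiSpyware had already named. As an added example that is not HijackThis's, SUPERAntiSpyware's or the forum's own code, the following Python script parses v1.99.1-style log lines into records and applies those same triage rules mechanically. The sample lines are constructed from entries in this thread, and the rule set, the detection list and the helper names (parse_hjt_log, triage, fix_list) are assumptions made for this example.

```python
"""Triage helper for HijackThis v1.99.1 log lines (added example; not HJT's own code)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on entries from the two logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {35955D7B-092A-49D7-927F-2D67FD6EE929} - C:\WINDOWS\System32\mmpdoqoh.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\gltvj.exe
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: oppno - C:\WINDOWS\System32\oppno.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Product names taken from another scanner's detections (here, two of the
# SUPERAntiSpyware categories in the first post). HJT entries naming the same
# product get flagged; the list is an assumption for this example.
SCANNER_DETECTIONS = ("Surf Accuracy", "WinFixer 2006")

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|sys)\b', re.IGNORECASE)
WINDIR_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


@dataclass
class Entry:
    code: str              # HJT section code, e.g. "O4"
    raw: str               # the line as it appeared in the log
    body: str              # everything after "O4 - "
    name: str = ""         # Run key name, BHO/toolbar/service name, or "" if none
    path: str = ""         # first file path in the entry, or "" if none
    missing: bool = False  # HJT could not find the referenced file


def parse_hjt_log(text: str) -> list:
    """Turn the R*/F*/O* lines of an HJT log into Entry records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, "Running processes:" block, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            nm = re.search(r"\[([^\]]*)\]", body)     # [RunKeyName]
        else:
            nm = re.match(r"^[^:]*: (.+?) - ", body)  # "BHO: Name - {CLSID} - path"
        pm = PATH_RE.search(body)
        entries.append(Entry(code=code, raw=line, body=body,
                             name=nm.group(1) if nm else "",
                             path=pm.group(0) if pm else "",
                             missing="(file missing)" in body))
    return entries


def _normalise(s: str) -> str:
    """Lower-case and drop punctuation so 'Surf Accuracy' matches 'SurfAccuracy'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def triage(entries, detections=SCANNER_DETECTIONS):
    """Return [(entry, [reasons])] for the entries a helper would look at first."""
    findings = []
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("autostart points at a file that no longer exists")
        if e.code == "O4" and WINDIR_ROOT_RE.match(e.path):
            reasons.append("autorun binary sits directly in the Windows directory")
        if e.code in ("O2", "O3") and e.name == "(no name)":
            reasons.append("browser extension registered without a name")
        if e.code == "R3" and "missing" in e.body:
            reasons.append("default URLSearchHook entry is absent")
        body_norm = _normalise(e.body)
        for product in detections:
            if _normalise(product) in body_norm:
                reasons.append(f"matches scanner detection '{product}'")
        if reasons:
            findings.append((e, reasons))
    return findings


def fix_list(findings):
    """The raw lines to tick in HJT before 'Fix Checked', in log order."""
    return [e.raw for e, _ in findings]


if __name__ == "__main__":
    for entry, reasons in triage(parse_hjt_log(SAMPLE_LOG)):
        print(entry.raw)
        for r in reasons:
            print("    ->", r)
```

Run as a script it prints each flagged line with its reasons. On the constructed sample the rules surface the unnamed BHO, the two dangling "(file missing)" entries, the random-named autorun in the Windows root and the two adware Run keys; the R1 search-URL lines are deliberately left to human judgement, since an ISP-branded home page and a hijacked one look identical to a pattern rule.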
eufouria
post Jul 7 2007, 10:38 PM
Post #3
Member

Kahdah - Thank you! It took a long time for the Kaspersky to run, so I'm finally finished and the logs are listed below:

OTMoveIt

File/Folder C:\Program Files\SurfAccuracy not found.
File/Folder C:\WINDOWS\gltvj.exe not found.
File/Folder C:\Program Files\WinFixer_2006 not found.

Created on 07/07/2007 19:20:44


I was unable to get a log file from OTMoveIt, and received this error:

Cannot create file C:\_OTMoveIT\MovedFiles\07072007_192158.log

-------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 07, 2007 9:32:27 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 2 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/07/2007
Kaspersky Anti-Virus database records: 359515
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 24175
Number of viruses found: 1
Number of infected objects: 1 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:51:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\n5torvow.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\n5torvow.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\n5torvow.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\n5torvow.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\n5torvow.default\cert8.db Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\n5torvow.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\n5torvow.default\history.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\n5torvow.default\key3.db Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\n5torvow.default\parent.lock Object is locked skipped
C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012007070720070708\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\WINDOWS\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\WINDOWS\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\ipsecpa.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLog.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM.ALT Object is locked skipped
C:\WINDOWS\SYSTEM32\ewkbmmvs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped

Scan process completed.


---------------------

New HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:35:26 PM, on 7/7/2007
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hidserv.exe
C:\WINDOWS\System32\lxbmcoms.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\WINDOWS\loadqm.exe
C:\Program Files\Lexmark 4200 Series\lxbmmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Crusty\Crusty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [lxbmmon.exe] "C:\Program Files\Lexmark 4200 Series\lxbmmon.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series Fax Server] "C:\Program Files\Lexmark 4200 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144621971030
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbm_device - - C:\WINDOWS\System32\lxbmcoms.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe



kahdah
post Jul 8 2007, 07:13 AM
Post #4
GeekU Teacher
OS: Windows xp home

Hello eufouria, that error is fine as long as it does move the files and folders.
Just copy and paste the results for your next reply.

Please double-click OTMoveIt.exe to run it.
  • Copy the file path below to the clipboard by highlighting it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\SYSTEM32\ewkbmmvs.dll

  • Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Click "Exit" to close OTMoveIt.

    **When ready to reply on the forum, please paste the content of the latest log, which is located at the root of the drive where OTMoveIt is installed, usually at:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Please post back with those results and a new Hijackthis log.
Also let me know how things are running.
eufouria
post Jul 8 2007, 10:50 AM
Post #5
Member
OS: XP

Good morning! Things are still running pretty slowly. I haven't had anything running other than Firefox and whichever fix-it program you're having me run at various times. I did get a low virtual memory error as well, and checking the Task Manager it shows:

Mem Usage: 373206K / 441936K
CPU Usage flows between 25 - 45%

Is there a way to get rid of some of the startup items and things that are continuously running but not necessary?

Thanks!!


---------
OTMoveIt results:

DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\ewkbmmvs.dll
C:\WINDOWS\SYSTEM32\ewkbmmvs.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\ewkbmmvs.dll moved successfully.

Created on 07/08/2007 09:45:11

-----------------

Logfile of HijackThis v1.99.1
Scan saved at 9:46:37 AM, on 7/8/2007
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hidserv.exe
C:\WINDOWS\System32\lxbmcoms.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\WINDOWS\loadqm.exe
C:\Program Files\Lexmark 4200 Series\lxbmmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\OTMoveIt.exe
C:\Program Files\Crusty\Crusty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [lxbmmon.exe] "C:\Program Files\Lexmark 4200 Series\lxbmmon.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series Fax Server] "C:\Program Files\Lexmark 4200 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144621971030
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbm_device - - C:\WINDOWS\System32\lxbmcoms.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

kahdah
post Jul 8 2007, 01:46 PM
Post #6
GeekU Teacher
OS: Windows xp home

Hello eufouria, yes there is a way to get rid of some things at startup.

First though let's finish cleanup.

Please double-click OTMoveIt.exe to run it and choose the Cleanup option.
Let the script run.

After that you can uninstall AVG Anti-Spyware and SUPERAntiSpyware.
Delete any other tools that I had you download.

Then I will need you to reset your System Restore points. Please note that you will need to log into your computer with an account which has full administrator access.
You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
    Click on *Start
    Right-click *My Computer
    Click *Properties
    Click the *System Restore tab
    Check *Turn off System Restore
    Click *Apply, and then click *OK.

2. Reboot.

3. Turn ON System Restore.
    Click on *Start
    Right-click *My Computer
    Click *Properties
    *UN-Check *Turn off System Restore*
    Check *Turn on System Restore
    Click *Apply, and then click *OK.


How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

After that please re-open HijackThis and place a check mark next to these entries. (ALL are optional and can be started manually.)

O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background


Now click on Fix Checked.
Now close HijackThis.

Reboot a final time and then post back with a final HijackThis log.
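The post above does the startup trimming by hand: pick O4 lines out of the HijackThis log, check them, Fix Checked. As an added example that is not part of the thread and not HijackThis code, the Python below parses the O4, O9, O20 and O23 line shapes seen in these logs, applies a "fix checked" list the way HijackThis does (by the exact log line), and reports which Run entries would go, which would still start at logon, and which are worth a second look first: references to files that no longer exist and services whose file carries no vendor string. The sample log and the fix list are constructed from lines in the thread; `Entry`, `parse_log`, `image_path`, `plan_fix` and `review_candidates` are this example's own names. Nothing here touches the registry; it only shows what the fix would and would not change.

```python
"""Parse HijackThis-style log lines and plan an O4 (Run key) cleanup.

Added example, not code from the thread or from HijackThis. It reads the O4,
O9, O20 and O23 line shapes seen in the logs above and shows, for a "fix
checked" list, which Run entries go and which would still start at logon."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the thread's log format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: lxbm_device - - C:\WINDOWS\System32\lxbmcoms.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Lines a helper would have the user check before "Fix checked" (constructed).
FIX_LIST = [
    r'O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"',
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r'O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background',
]
MISSING = "(file missing)"

# One pattern per section handled here; O23 tolerates the "name - - path"
# shape that an empty company field produces.
PATTERNS = {
    "O4": re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "O9": re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - ?(?P<company>.*?) - (?P<path>[A-Za-z]:\\.*)$"),
}

@dataclass
class Entry:
    section: str        # O4, O9, O20 or O23
    name: str           # value name, button text, notify package or service name
    target: str         # O4: full command line; others: file path
    line: str           # the log line itself, which is what "Fix checked" acts on
    hive: str = ""      # O4 only: HKLM (all users) or HKCU (this user)
    company: str = ""   # O23 only: vendor string HijackThis read from the file
    file_missing: bool = False

def parse_log(text):
    """Turn log text into Entry records; other sections and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        section = line.split(" ", 1)[0]
        pat = PATTERNS.get(section)
        m = pat.match(line) if pat else None
        if m is None:
            continue
        g = m.groupdict()
        target = g.get("cmd") or g.get("path") or ""
        entries.append(Entry(
            section=section, name=g["name"], line=line,
            target=target.replace(MISSING, "").strip(),
            hive=g.get("hive") or "", company=g.get("company") or "",
            file_missing=target.endswith(MISSING),
        ))
    return entries

def image_path(cmd):
    """Program a Run value launches: the quoted path, else the first word
    (for "rundll32 X.dll,Entry" that is rundll32; the code of interest is the DLL)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def plan_fix(entries, fix_list):
    """Split O4 entries into (removed, kept, unmatched fix lines). "Fix checked"
    deletes the value behind a line, so matching is on the exact log line."""
    wanted = {l.strip() for l in fix_list}
    runs = [e for e in entries if e.section == "O4"]
    removed = [e for e in runs if e.line in wanted]
    kept = [e for e in runs if e.line not in wanted]
    unmatched = sorted(wanted - {e.line for e in removed})
    return removed, kept, unmatched

def review_candidates(entries):
    """Names to look at first: dead references and services with no vendor string.
    Neither proves anything; they are just where a reviewer's eye should go next."""
    dead = [e.name for e in entries if e.file_missing]
    no_vendor = [e.name for e in entries if e.section == "O23" and not e.company]
    return dead, no_vendor
```

To use it on a real log, call `parse_log(open(path).read())` and hand the checked lines to `plan_fix`. The `unmatched` list is the check worth keeping: a fix line that was mistyped, or that refers to a value already gone, would otherwise only show up as a silently unchanged entry in the next log. The `hive` field tells you whose logon an entry affects, since HKLM\..\Run applies to every user of the machine while HKCU\..\Run applies only to the account that posted the log.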
eufouria