
Very, Very Slow Computer [RESOLVED]


  • This topic is locked

#16
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
The only other thing I know that we can do for you is to check for the existence of a rootkit.


Download F-Secure Blacklight (blbeta.exe) to your C:\ drive.
- Open a command window. (Start > Run and type: cmd)
- Copy / paste or type the following in the command window:

C:\blbeta.exe /expert

- Accept the user agreement.
- Click Scan.
After the scan finishes, click on Next, then Exit. Please do not rename anything yet!

BlackLight will create a log in your C:\ drive with the name "fsbl-xxxxxxx.log", where the xxxx's are numbers. Please post that log here for me.
  • 0



#17
dpluskota

    Member

  • Topic Starter
  • Member
  • 15 posts
Sam,

I cannot run Blacklight in the safe mode, the program is designed to run in the normal mode. When I run Blacklight in the normal mode, the scan starts, then after about 3 minutes, the computer stops functioning.

Any suggestions?

Dennis
  • 0

#18
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's run a different rootkit detector that will run in safe mode.

Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop and start GMER.exe
Click the Rootkit tab and click the Scan button.

Warning! Please do not select the "Show all" checkbox during the scan.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.
  • 0

#19
dpluskota

    Member

  • Topic Starter
  • Member
  • 15 posts
Sam,

Here are the results of my GMER scan in safe mode.


GMER 1.0.11.11384 - http://www.gmer.net
Rootkit 2006-09-25 14:32:40
Windows 5.0.2195 Service Pack 4


---- Files - GMER 1.0.11 ----

ADS C:\Documents and Settings\501136340\My Documents\My Pictures\k-bay.bmp:Q30lsldxJoudresxAaaqpcawXc
ADS C:\Documents and Settings\501136340\My Documents\My Pictures\k-bay.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

---- EOF - GMER 1.0.11 ----

Thank You very much for sticking with me on this problem.

Dennis
  • 0

#20
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
I'm not seeing the smoking gun there either.

Run Hijackthis and click Open the Misc Tools section
Click Open ADS Spy...
Uncheck "Quick scan (Windows base folder only)"
Click Scan.

When it's done, save the log and post it here in your next reply.
  • 0

#21
dpluskota

    Member

  • Topic Starter
  • Member
  • 15 posts
Sam,

Please find the latest and greatest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 7:46:26 PM, on 9/25/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\501136340\Desktop\Utilities\Installation Files\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Power Systems
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http-proxy.geps.ge.com:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Hotkey] C:\WINNT\system32\hkeyman.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINNT\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://aequickplace01.ge.com/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156431484996
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://schd004.sch.g...tor/oajinit.exe
O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} (JInitiator 1.3.1.25) -
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://mks.com.pl/sk...kanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{07CF798F-A421-4A4C-A96B-1BAD23C0B98C}: NameServer = 3.72.76.211,3.72.77.145
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\Oracle\Forms\BIN\ONRSD80.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RegService - Xircom - C:\XIRCOM\Update\RegService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\Ca\Unicenter Software Delivery\Bin\SDServ.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Panasonic Simul. Patch Service (simul) - Unknown owner - C:\Program Files\Panasonic\Panasonic Simul. Patch\SIMUL.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

Dennis
  • 0

#22
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
That wasn't the log I was looking for. Did the ADS Spy scan create a log for you?


I need to see a different type of log from Hijackthis:
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.

  • 0

#23
dpluskota

    Member

  • Topic Starter
  • Member
  • 15 posts
Sam,

I hope this is what you are looking for.

Dennis

Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 7.0.7
Adobe Reader 7.0.7
Agere Systems AC'97 Modem
AOL Instant Messenger
BHA B's Recorder GOLD 5.27
BroadJump Client Foundation
CA Client for TSG
CA UAM Agent for TSG
CA UAM Client for TSG
Canon iP90
Canon iP90 Setup Utility
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint
CIR Offline
CleanUp!
DMI Viewer
Easy-WebPrint
ewido anti-spyware 4.0
Extend360
GdiplusUpgrade
Gemplus Smart Card Reader Tools
Google Earth
HijackThis 1.99.1
Hotfix for MDAC 2.80 (KB911562)
Hotkey Driver for Panasonic PC
hp deskjet 960c series
hp deskjet 960c series (Remove only)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
Intel SpeedStep technology Applet
Intel® Extreme Graphics 2 Driver
Intel® PROSet/Wireless Software
InterVideo WinDVD
J2SE Runtime Environment 5.0
Java 2 Runtime Environment Standard Edition v1.3
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
mCore
mDriver
mDrWiFi
mEoU.msi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 SR-1 Professional
Microsoft Office Outlook 2003
Microsoft SMS Installer
Microsoft VGX Q833989
Microsoft Visio Web Component Technology Preview
Microsoft Windows Journal Viewer
Minitab 12.2 for NT
mIWA
mIWCA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mWlsSafe
mXML
mZConfig
Netscape Communicator 4.75
Nortel Networks Contivity VPN Client
Norton Spyware Scan provided by Yahoo!
Oracle JInitiator 1.1.8.16
Oracle JInitiator 1.3.1.25
overland
Panasonic Simul. Patch
Panda ActiveScan
Pegasus
QuickTime
Registry Mechanic 5.2
Registry TuneUp 1.4
Sametime Client v3.0
SBC Yahoo! Applications
SBC Yahoo! DSL Activation
Security Task Manager 1.6f
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Setup_Oracle_Forms6i
SmartTrainer PlugIn
Sony USB Driver
Spybot - Search & Destroy 1.4
Symantec AntiVirus
Trend Micro Anti-Spyware
TrojanHunter 4.6
Update Rollup 1 for Windows 2000 SP4
Viewpoint Media Player
Windows 2000 Application Compatibility Update
Windows 2000 Hotfix - KB329115
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB889293
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899588
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB905915
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908523
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB911567
Windows 2000 Hotfix - KB912812
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB916281
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917159
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917537
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918439
Windows 2000 Hotfix - KB918899
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921883
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix (SP5) Q818043
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player system update (9 Series)
WinZip
World Series Of Poker
Xircom Firmware Update
  • 0

#24
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

J2SE Runtime Environment 5.0
Java 2 Runtime Environment Standard Edition v1.3
Viewpoint Media Player



The current version of Java can be downloaded from http://java.sun.com/...loads/index.jsp
Scroll down the page to 'Java Runtime Environment (JRE) 5.0 Update 8' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.



=============


I notice in your log a lot of additional services that I don't usually see. Can you review these and just make sure that you are aware of what they are and that you are using them?

O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\Oracle\Forms\BIN\ONRSD80.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RegService - Xircom - C:\XIRCOM\Update\RegService.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\Ca\Unicenter Software Delivery\Bin\SDServ.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Panasonic Simul. Patch Service (simul) - Unknown owner - C:\Program Files\Panasonic\Panasonic Simul. Patch\SIMUL.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe



That last one indicates an antivirus, but you are clearly running Symantec (Norton) also. You shouldn't run more than one antivirus at a time. Are you using Yahoo antivirus solution also?
  • 0

#25
dpluskota

    Member

  • Topic Starter
  • Member
  • 15 posts
Sam,

When I uninstalled the J2SE runtime initiator, Norton caught 3 downloaders and deleted them. After that, my computer began to run normally. I am typing this in the normal mode. I have almost begun to hate the F8 key, because that's what I had to press to do SAFE MODE!

Please find my last 2 HJT logs.

Logfile of HijackThis v1.99.1
Scan saved at 2:16:00 PM, on 9/26/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Ca\Unicenter Software Delivery\Bin\SDServ.exe
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Ca\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\Program Files\Panasonic\Panasonic Simul. Patch\SIMUL.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\hkeyman.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINNT\AGRSMMSG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\501136340\Desktop\Utilities\Installation Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Power Systems
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http-proxy.geps.ge.com:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Hotkey] C:\WINNT\system32\hkeyman.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINNT\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://aequickplace01.ge.com/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156431484996
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://schd004.sch.g...tor/oajinit.exe
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} (JInitiator 1.3.1.25) -
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://mks.com.pl/sk...kanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\Oracle\Forms\BIN\ONRSD80.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RegService - Xircom - C:\XIRCOM\Update\RegService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\Ca\Unicenter Software Delivery\Bin\SDServ.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Panasonic Simul. Patch Service (simul) - Unknown owner - C:\Program Files\Panasonic\Panasonic Simul. Patch\SIMUL.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 7.0.7
Adobe Reader 7.0.7
Agere Systems AC'97 Modem
AOL Instant Messenger
BHA B's Recorder GOLD 5.27
BroadJump Client Foundation
CA Client for TSG
CA UAM Agent for TSG
CA UAM Client for TSG
Canon iP90
Canon iP90 Setup Utility
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint
CIR Offline
CleanUp!
DMI Viewer
Easy-WebPrint
ewido anti-spyware 4.0
Extend360
GdiplusUpgrade
Gemplus Smart Card Reader Tools
Google Earth
HijackThis 1.99.1
Hotfix for MDAC 2.80 (KB911562)
Hotkey Driver for Panasonic PC
hp deskjet 960c series
hp deskjet 960c series (Remove only)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
Intel SpeedStep technology Applet
Intel® Extreme Graphics 2 Driver
Intel® PROSet/Wireless Software
InterVideo WinDVD
J2SE Runtime Environment 5.0
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
mCore
mDriver
mDrWiFi
mEoU.msi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 SR-1 Professional
Microsoft Office Outlook 2003
Microsoft SMS Installer
Microsoft VGX Q833989
Microsoft Visio Web Component Technology Preview
Microsoft Windows Journal Viewer
Minitab 12.2 for NT
mIWA
mIWCA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mWlsSafe
mXML
mZConfig
Netscape Communicator 4.75
Nortel Networks Contivity VPN Client
Norton Spyware Scan provided by Yahoo!
Oracle JInitiator 1.1.8.16
Oracle JInitiator 1.3.1.25
overland
Panasonic Simul. Patch
Panda ActiveScan
Pegasus
QuickTime
Registry Mechanic 5.2
Registry TuneUp 1.4
Sametime Client v3.0
SBC Yahoo! Applications
SBC Yahoo! DSL Activation
Security Task Manager 1.6f
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Setup_Oracle_Forms6i
SmartTrainer PlugIn
Sony USB Driver
Spybot - Search & Destroy 1.4
Symantec AntiVirus
Trend Micro Anti-Spyware
TrojanHunter 4.6
Update Rollup 1 for Windows 2000 SP4
Windows 2000 Application Compatibility Update
Windows 2000 Hotfix - KB329115
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB889293
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899588
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB905915
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908523
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB911567
Windows 2000 Hotfix - KB912812
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB916281
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917159
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917537
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918439
Windows 2000 Hotfix - KB918899
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921883
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix (SP5) Q818043
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player system update (9 Series)
WinZip
World Series Of Poker
Xircom Firmware Update

Thank You so much for all your help.
Dennis
  • 0
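
Added example (not part of the original thread, and not a HijackThis feature): a small script that compares two HijackThis logs entry by entry, as one would do with the 9/25 and 9/26 logs posted above. The `BEFORE` and `AFTER` samples are a constructed excerpt made of lines taken from those two logs; all function names are hypothetical, and the 8.3 short-path match is a heuristic assumption.

```python
import re
from typing import NamedTuple, Optional

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O23 - Service: ..."
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

class Entry(NamedTuple):
    key: tuple    # (section, identity): what the entry is
    value: str    # what it points at: file path, URL or setting
    line: str     # the log line as posted

def parse_entry(line: str) -> Optional[Entry]:
    """Split one log line into identity and target; None for non-entry lines."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None                       # header, running process or blank line
    section, body = m.groups()
    guid = GUID_RE.search(body)
    run = re.match(r"(.*?\[[^\]]*\])\s*(.*)$", body) if section == "O4" else None
    if guid:                              # BHO, toolbar, ActiveX: keyed by GUID
        kind = body[:guid.start()].split(":")[0]
        ident = f"{kind} {guid.group(0).upper()}"
        value = body[guid.end():].lstrip(" -")
    elif run:                             # autorun: keyed by hive + [name]
        ident, value = run.group(1).lower(), run.group(2)
    else:                                 # everything else: text before " = " / " - "
        parts = re.split(r" = | - ", body, maxsplit=1)
        ident, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
    return Entry((section, ident), value, line)

def parse_log(text: str) -> dict:
    entries = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            entries[entry.key] = entry
    return entries

def same_path(a: str, b: str) -> bool:
    """True if two paths differ only by case or 8.3 short names (PROGRA~1).
    Heuristic: a short name is only checked against the prefix of the long one."""
    pa, pb = a.strip('"').split("\\"), b.strip('"').split("\\")
    if len(pa) != len(pb):
        return False
    for x, y in zip(pa, pb):
        x, y = x.upper(), y.upper()
        if x == y:
            continue
        short, long_ = (x, y) if "~" in x else (y, x)
        if "~" not in short:
            return False
        if not re.sub(r"[ .]", "", long_).startswith(short.split("~")[0]):
            return False
    return True

def diff_logs(before: str, after: str) -> dict:
    b, a = parse_log(before), parse_log(after)
    result = {"removed": [], "added": [], "changed": [], "notation_only": []}
    for key in sorted(b.keys() | a.keys()):
        if key not in a:
            result["removed"].append(b[key].line)
        elif key not in b:
            result["added"].append(a[key].line)
        elif b[key].value != a[key].value:
            # Keep path-notation differences visible, but apart from real changes.
            same = same_path(b[key].value, a[key].value)
            result["notation_only" if same else "changed"].append((b[key].line, a[key].line))
    return result

# Constructed excerpt: lines copied from the 9/25 log in the thread.
BEFORE = r"""
Running processes:
C:\WINNT\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
"""

# Constructed excerpt: lines copied from the 9/26 log in the thread.
AFTER = r"""
Running processes:
C:\WINNT\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
"""

if __name__ == "__main__":
    for bucket, items in diff_logs(BEFORE, AFTER).items():
        print(bucket.upper())
        for item in items:
            print("  ", item)
```

Entries are keyed on section plus GUID or name rather than on the whole line, so the Spybot helper written once with a long path and once as `C:\PROGRA~1\SPYBOT~1\...` is reported under `notation_only` instead of as a removal plus an addition. Running-process lines are skipped.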



#26
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
A bit unexpected, but we'll take it. :whistling:

You still should uninstall this other version of Java also. It's a security risk.

J2SE Runtime Environment 5.0

Then install the current version, which is secure.


Anything else I can help you with? :blink:
  • 0

#27
dpluskota

    Member

  • Topic Starter
  • Member
  • 15 posts
Sam,

I did uninstall everything you asked me to. I had to uninstall the J2SE when the computer was in normal mode. I uninstalled the other two in safe mode, as the J2SE wouldn't uninstall in safe. I believe the downloaders were hiding in the J2SE.

Thank you again for all of your patience. :whistling:

Dennis
  • 0

#28
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





