[urban_rose]

the computer freezes up when i view certain forums or if i go on to: ebay,wikipedia and imdb. I was doing a superanti spyware scan prior to posting this and it froze up, whilst scanning encyclopedia britannica and lost all the infected results it had found so far, which was adware:nail,aurora and others. btw, i have read this http://www.geekstogo..._Log-t2852.html
this is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 19:06:24, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe


[b]and this is my uninstall list

Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
ALPS Touch Pad Driver
AND Route 2002 Europe Lite
ArcSoft Multimedia Email
ArcSoft PhotoImpression
ArcSoft Software Suite
ArcSoft VideoImpression 1.6
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BlueSoleil
Brother MFL-Pro Suite
CD/DVD Drive Acoustic Silencer
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam Notebook Driver (1.03.05.0322)
Creative WebCam Notebook User's Guide (English)
Dr SpeedTouch
Dual Mode Camera (8008 VGA)
DVD-RAM Driver
Encyclopædia Britannica Ultimate Reference Suite DVD
ePEN 4.2.2 V1.2
ExamWizard Edexcel GCSE Religious Studies
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
IBM ViaVoice Pro 10.0 - UK English
InterActual Player
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
Java 2 Runtime Environment, SE v1.4.2_05
LG GSM PC Components
LG USB Modem Driver
Macromedia Flash Player
Macromedia Shockwave Player
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SecurityCenter
McAfee SpamKiller
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Office XP Web Components
Microsoft Picture It! Photo Standard 9
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft® PowerPoint® Animation Player
MSXML 4.0 SP2 (KB927978)
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
PaperPort 8.0 SE
PhotoEZ 3
PhotoImpression
QuickTime
RealPlayer
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Smart Audio Converter
Sonic RecordNow!
SpeedTouch USB Software
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
The 3D Globe
The Wise Book
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Safety Scanner
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinPcap 3.1
Wireshark 0.99.4

Edited by urban_rose, 05 February 2007 - 07:51 AM.

[Advertisements]

Hi
Welcome to Geekstogo

Please follow the instructions below.

1. Download combofix.exe from one of the links below:

http://download.blee...Bs/combofix.exe
http://www.techsuppo...ls/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Also
Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.

• Once you get to the Panda site, scroll down a bit and click on Scan your PC
• A new window will appear; click on Check Now!
• A new window will appear; fill in the boxes (Country, State, email addy)
• Click on Scan Now! >
  If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
• From "Select a device to scan...", choose "My Computer"
• Allow the scan to run. It'll take a while.
• When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
• I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.

Andy

[andydf]

Hi
Welcome to Geekstogo

Please follow the instructions below.

1. Download combofix.exe from one of the links below:

http://download.blee...Bs/combofix.exe
http://www.techsuppo...ls/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Also
Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.

• Once you get to the Panda site, scroll down a bit and click on Scan your PC
• A new window will appear; click on Check Now!
• A new window will appear; fill in the boxes (Country, State, email addy)
• Click on Scan Now! >
  If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
• From "Select a device to scan...", choose "My Computer"
• Allow the scan to run. It'll take a while.
• When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
• I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.

Andy

[urban_rose]

i downloaded combofix. I started it too, it started the scanning process, and said summat like 'deep scanning your computer'. and underneath it had a blinking ' _ ', it stayed like that for at least 45 mins, and it didnt display anything else. So i exited the window. whilst its scanning, is it meant to display the progress, or is it always like what i mentioned above?

[andydf]

It starts off as you described, although it's usually quite a short scan. During the scan a couple of messages appear telling you where the log will be saved etc, try it again, if you still have no joy we'll try a different route.

Andy

[urban_rose]

I tried combofix another two times, but its still the same. It doesnt display anything. Please help with another approach

[andydf]

Hi urban_rose

You are currently using HijackThis from a temporary directory, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)
*choose to "show hidden files and folders,"
*uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.
*Close the window with ok
*All hidden files will now be visible

Click This link for further help.

Next
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ytfeng] C:\WINDOWS\system32\shfzwm.exe r
O8 - Extra context menu item: &Search - http://bar.mywebsear...GB_ZUxdm082YYIN

Now close all windows other than HiJackThis, then click Fix Checked.

Please delete these files using Windows Explorer(if present):
Use windows search facility if you have trouble finding these files.

C:\WINDOWS\system32\shfzwm.exe

After that, Reboot.

Are you able to run the active scan as stated in my origonal post? If so post the results in your reply.

Andy

[urban_rose]

Hi,

I ran a panda scan thrice, it showed spyware as 17, i only scanned Drive C, but all times, the comp froze and shut down before it could finish the scan and give a report.

I followed your instructions on Hijack This, and this is the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 19:53, on 07-01-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\TCtrlIOHook.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Virgin Net Broadband\Dragdiag.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\BTHCToolsDisk\BTHCToolsDisk.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.virgin.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [XpandRallySetup.exe] C:\DOCUME~1\Umar\MYDOCU~1\XPANDR~1.EXE /r
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Website BT Home Computing.lnk = C:\Program Files\BTHCToolsDisk\BTHCToolsDisk.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://aspglobal.ahn.../cab/AhnASP.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37960.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DFBB031-2B20-45EB-9755-9CBCEF35A292}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{2DFBB031-2B20-45EB-9755-9CBCEF35A292}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Documents and Settings\barira\My Documents\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[andydf]

Hi urban_rose

Thiis line in your log O4 - HKCU\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon indicates you once had the Clamwin antivirus on your machine, can you cofirm this? If so, we can remove this item.

Lets try this one.

Right Click the Desktop and Select New--> Folder--> Name it SysClean

• Download the Sysclean Package to the folder you made.
• Next,download the Virus Pattern Files (Official Pattern Release) to your desktop from Here
• Right Click and Select Extract All to unzip the folder.
• Now,from the unzipped folder,move lpt$vpn.XXX file to the SysClean folder.
• Restart in SAFE MODE(Tap F8 when restarting)
• Open the SysClean Folder and doubleclick sysclean.com
• Be sure Automatically clean or delete detected files is checked.
• Click the Scan button to begin,please be patient,it will take a little bit to finish.
• Once complete,verify the log from the scan (SYSCLEAN.LOG) is in the SysClean folder and restart back to Normal Mode.
• Copy&Paste those results in the next reply.

Tutorial from Trend
http://esupport.tren...entID=en-125991

Andy

[urban_rose]

To tell you the truth, i dont remember having clamwin on the comp, but then again i have had many others.
For this virus pattern thing, you say i have to run it in safe mode, right? Right now, we have two adminstrators, and the internet has been setup to work on only one of the admnistrator accounts. When i run safe mode, the welcome screeen, displays the two adminstarator accounts by their usernames, and also an addtional user account, which is not present when i run the comp on normal settings. This new user account is called 'Adminstrator', so which user account do i use, the one i use all the time to access the internet, or this new 'adminstrator' userr account?

[andydf]

Hi urban_rose

In safe mode you will not have internet access and as long as you log into an account with administrator rights you should be ok. The 'new' administrator account you see in safe mode is normal and nothing to worry about

Andy

[urban_rose]

........

Edited by urban_rose, 06 February 2007 - 02:25 PM.

[andydf]

Hi urban_rose

Well that didn't show much, lets try an online scan, if the Active scan won't run try one of these below and posty the results.

Kaspersky OnLine Scan using the extended database if possible. Or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

Andy

[urban_rose]

Ok, so i did a kaspersky and bit defender scan, they didnt show anything at all, zilch for viruses and anything else.
is there anything else we could try, cuz the same problems are happening?

Edited by urban_rose, 22 January 2007 - 02:14 PM.

[andydf]

Hi urban_rose
Lets see if something is hiding.
Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, then click scan.

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

Next
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

• Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • In the Files Created Within group click 30 days
  • In the Files Modified Within group select 30 days
  • In the File String Search group select Non-Microsoft
• Now click the Run Scan button on the toolbar.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

Andy

[urban_rose]

that first link doesnt work, andy

one more ques for u, after we finish doing everything and hopefully solve the problem, u know all this extra stuff ive downloaded, will i be able to delete it, cuz sometimes not all the programs appear on that control panel-add/delete programs.