Older system freezing up [RESOLVED]


  • This topic is locked

#16
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class]
YN -> msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class]
[Files/Folders - Created Within 30 days]
YY -> 1 C:\*.tmp files -> C:\*.tmp
YY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
YY -> 1 C:\*.tmp files -> C:\*.tmp
YY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.


Let me know if the problem persists

#17
a_to_z

    Member

  • Topic Starter
  • Member
  • 93 posts
Hello...

WinPFind said to reboot to apply the fixes, which I did. I believe this is the logfile from that action. Also, the RUNDLL errors remain on both user accounts.

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\msdownld.tmp folder deleted successfully.
[Files/Folders - Modified Within 30 days]
[Extra Files]
< Purity >
[Empty Temp Folders]
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.0.0 fix logfile created on 02212008_101808

#18
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
OK, are you still having those errors on startup?

#19
a_to_z

    Member

  • Topic Starter
  • Member
  • 93 posts
Yes.

#20
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Strange

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.




Also post a new HijackThis log

#21
a_to_z

    Member

  • Topic Starter
  • Member
  • 93 posts
Help!

The first time I ran ComboFix it completed the scan, but when I clicked on the logfile to copy it I lost everything on my desktop, except the background and the cursor. Task Manager said IE and the logfile were the only 2 applications open. I had to close those applications via Task Manager and reboot to get anywhere. Now running ComboFix again and my Norton AV says my computer is halted--a malicious script is trying to run (C:\CombiFix\localdrive.vbs). I can get Task Manager to open, which says Norton is running 2 times and ComboFix is open. Can't do anything else.

What now?

#22
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you run it in Safe Mode, accept any prompts by Norton, and post the logfile?

Let me know how that goes

#23
a_to_z

    Member

  • Topic Starter
  • Member
  • 93 posts
Running it in safe mode worked, although Norton AV had a lot to say about it! The HijackThis file will be in the next post.

ComboFix 08-02-21 - angi 2008-02-21 12:37:51.3 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\angi\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-20 17:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-20 17:53 . 2008-02-20 17:53 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-19 21:37 . 2008-02-19 21:37 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-19 21:37 . 2008-02-19 21:37 <DIR> d-------- C:\WINDOWS\ehome
2008-02-19 21:28 . 2002-08-29 05:41 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2008-02-19 21:26 . 2002-04-22 20:18 766,934 --a------ C:\WINDOWS\system32\instcat.sql
2008-02-19 20:51 . 2001-08-23 07:00 116,736 --a------ C:\WINDOWS\system32\dpcdll.dll.wga
2008-02-19 20:51 . 2001-08-23 07:00 29,338 --a------ C:\WINDOWS\system32\EULA.TXT.wga
2008-02-19 20:51 . 2001-08-23 07:00 27,136 --a------ C:\WINDOWS\system32\pidgen.dll.wga
2008-02-19 20:51 . 2008-02-19 20:51 12,922 --a------ C:\WINDOWS\system32\wpa.bak
2008-02-19 20:37 . 2008-02-19 20:37 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-19 20:36 . 2008-02-19 20:36 142 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-19 12:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-19 12:45 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-18 15:47 . 2008-02-18 15:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-18 07:30 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\sdrkjtscwscx.sys
2008-02-17 17:25 . 2008-02-17 17:25 <DIR> d-------- C:\Documents and Settings\angi\Application Data\Grisoft
2008-02-17 13:15 . 2008-02-18 07:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-17 13:15 . 2008-02-17 13:15 <DIR> d-------- C:\Documents and Settings\angi\Application Data\SUPERAntiSpyware.com
2008-02-17 13:15 . 2008-02-17 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 00:46 . 2008-02-16 00:46 <DIR> d-------- C:\Documents and Settings\Tina\Application Data\MSN6
2008-02-16 00:46 . 2008-02-16 00:46 <DIR> d-------- C:\Documents and Settings\Tina\Application Data\Grisoft
2008-02-16 00:46 . 2008-02-16 00:46 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\Grisoft
2008-02-16 00:46 . 2008-02-16 00:46 <DIR> d-------- C:\Documents and Settings\Allyson\Application Data\Grisoft
2008-02-16 00:46 . 2008-02-16 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-15 15:27 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-15 15:24 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\smpvgfgihmvs.sys
2008-02-15 09:16 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-15 09:16 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-15 09:16 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-15 09:16 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-15 07:29 . 2008-02-18 07:59 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-15 07:29 . 2008-02-18 07:08 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-15 07:29 . 2008-02-18 07:08 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-15 07:29 . 2008-02-18 07:08 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-14 14:38 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-31 09:48 . 2008-01-31 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 09:46 . 2008-02-17 13:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 08:02 . 2008-02-14 12:03 429 --a------ C:\WINDOWS\wininit.ini
2008-01-23 19:45 . 2008-01-23 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-23 19:35 . 2008-02-18 07:15 <DIR> d-------- C:\Program Files\Bonjour
2008-01-23 19:17 . 2008-01-23 19:17 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 23:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-20 22:54 --------- d-----w C:\Program Files\Java
2008-02-18 12:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 12:14 --------- d-----w C:\Program Files\QuickTime
2008-02-18 12:14 --------- d-----w C:\Program Files\iTunes
2008-02-18 12:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 12:13 --------- d-----w C:\Program Files\Google
2008-02-16 05:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 21:35 --------- d-----w C:\Program Files\Norton SystemWorks
2008-02-04 22:17 --------- d-----w C:\Documents and Settings\Tina\Application Data\uTorrent
2008-01-31 14:48 --------- d-----w C:\Program Files\Lavasoft
2008-01-31 14:48 --------- d-----w C:\Documents and Settings\angi\Application Data\Lavasoft
2008-01-18 20:30 --------- d-----w C:\Documents and Settings\Tina\Application Data\Pegasys Inc
2008-01-14 00:10 202,240 ----a-w C:\WINDOWS\system32\Pride & Prejudice - Mr Darcy.scr
2008-01-13 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2008-01-13 23:03 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
2008-01-13 23:00 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-01-13 22:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 22:58 --------- d-----w C:\Program Files\Macromedia
2008-01-07 02:58 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-01-06 03:48 --------- d-----w C:\Program Files\iPod
2008-01-06 03:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-06 03:41 --------- d-----w C:\Program Files\Apple Software Update
2008-01-06 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-05-19 01:51 49,344 -c--a-w C:\Documents and Settings\Allyson\Application Data\GDIPFONTCACHEV1.DAT
2007-02-11 21:54 49,344 -c--a-w C:\Documents and Settings\Tina\Application Data\GDIPFONTCACHEV1.DAT
2004-03-06 05:29 49,344 -c--a-w C:\Documents and Settings\Jennifer\Application Data\GDIPFONTCACHEV1.DAT
2001-08-23 12:00 94,784 -csh--w C:\WINDOWS\twain.dll
2001-08-23 12:00 46,592 -csh--w C:\WINDOWS\twain_32.dll
2001-08-23 12:00 995,383 --sh--w C:\WINDOWS\system32\mfc42.dll
2001-08-23 12:00 50,688 --sh--w C:\WINDOWS\system32\msvcirt.dll
2002-08-29 10:41 401,462 --sha-w C:\WINDOWS\system32\msvcp60.dll
2002-08-29 10:41 323,072 --sha-w C:\WINDOWS\system32\msvcrt.dll
2002-08-29 10:41 569,344 --sh--w C:\WINDOWS\system32\oleaut32.dll
2001-08-23 12:00 106,496 --sh--w C:\WINDOWS\system32\olepro32.dll
2001-08-23 12:00 9,728 -csh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 05:41 1511453]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [2004-09-09 21:12 132248]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:41 13312]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus Xtreme G"="C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-09-19 21:34 2498560]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12 32768]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-03 21:24 196608]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 14:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 11:42 58728]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 16:59 218240]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-05 22:18 100056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"HPHmon03"="C:\WINDOWS\System32\hphmon03.exe" [2001-08-03 21:24 311296]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-20 16:19 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 03:57:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 01:13:04 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - angi.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-18 19:47:56 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-02-21 05:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"
- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 12:47:49
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-21 12:56:22
ComboFix-quarantined-files.txt 2008-02-21 17:56:18
ComboFix2.txt 2008-02-21 16:19:31
.
2008-02-20 01:37:36 --- E O F ---

#24
a_to_z

    Member

  • Topic Starter
  • Member
  • 93 posts
This was done in regular mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:02 PM, on 2/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203365557654
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10923 bytes

#25
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
So you are still getting error messages on bootup?

Delete WinPFind35U and its folder, then do this.

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Under Rootkit Search change that to Yes.
  • Check the box beside Scan All User Accounts at the top.
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply.


Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log.
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip the .run file by right clicking and selecting send to Zip file

Then upload that as an attachment in your next post.

#26
a_to_z

    Member

  • Topic Starter
  • Member
  • 93 posts
When I ran the WinP scan, Norton popped up saying it detected a Trojan it could not repair, then said access denied:

C:DOC~1\angie\L...\jotllpyp1.dll

I am still getting the one error message when I open Allyson user account and the other 4 messages when I open the Tina user account.

I will attach the Runscanner in the next post.

Attached Files



#27
a_to_z

    Member

  • Topic Starter
  • Member
  • 93 posts
Runscanner file:

Attached Files



#28
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download the zipped attachment at the end of this post (this will be your runscanner as fixed by me).

  • Unzip it to your desktop then double click the runscanner icon this will run the program.
  • Click on the "Item Fixer" tab
  • You will notice several entries with a tick in red, click Fix checked.
  • Accept the warning then repeat until they are all gone.


Reboot your PC and tell me if the pop ups still persist.

#29
a_to_z

    Member

  • Topic Starter
  • Member
  • 93 posts
As you can see, I've tried to download the file several times but it never makes it to my desktop, or anywhere else on my PC for that matter. I've selected "save" twice and "open" once. What am I doing wrong?

#30
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You don't need to save it anywhere, just open up the fix.zip file, double click the .run file in it, then follow the steps for fixing the items in red.

Let me know how that goes