Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I am having serious isses with more than 19 viruses not limited to tro


  • This topic is locked This topic is locked

#1
westcovinaboyz

westcovinaboyz

    Member

  • Member
  • PipPip
  • 25 posts
Basically my computer was crashing fast, with a variation of viruses. My wife turned off our firewall cause she couldnt access certain sights. She disabled it. My virus protection hadnt been updated for 6 month or so, it should have been set to automatic live update, but wasnt. I use Limewire occasionally. My computer is a Compaq Presario that I bought a year ago, it started getting slow a few weeks ago and got to the point where it would take sometimes 10 min to open Mozilla, or really anything for that matter. Sometimes things get stuck on the screen even though I have closed them. It is really bad! I am posting a Hijac this repory along with this. Thanks for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:40 PM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Downloads\Virus fixes\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Downloads\Virus fixes\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Compaq_Administrator\Desktop\Downloads\Virus fixes\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - Winlogon Notify: !SASWinLogon - C:\Documents and Settings\All Users\Start Menu\Programs\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Compaq_Administrator\Desktop\Downloads\Virus fixes\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11585 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello westcovinaboyz

Welcome to G2Go. :)
=====================
Please uninstall averything to do with Norton.
As you are running 2 antivirus programs.

Keep only AVG free.
==================
After that Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
westcovinaboyz

westcovinaboyz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hey the DSS only ran a main text file, no extra text!
Deckard's System Scanner v20071014.68
Run by Compaq_Administrator on 2008-04-02 13:59:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 90% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Compaq_Administrator.exe) --------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:45 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Downloads\Virus fixes\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\Downloads\Virus fixes\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Compaq_Administrator\Desktop\Downloads\Virus fixes\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - Winlogon Notify: !SASWinLogon - C:\Documents and Settings\All Users\Start Menu\Programs\SASWINLO.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Compaq_Administrator\Desktop\Downloads\Virus fixes\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9175 bytes

-- Files created between 2008-03-02 and 2008-04-02 -----------------------------

2008-04-01 23:36:59 0 d-------- C:\Program Files\InterActual
2008-04-01 19:37:38 0 d-------- C:\MY_DVD
2008-04-01 19:32:47 0 d-------- C:\MY_DVDS
2008-03-29 07:07:32 0 --a------ C:\WINDOWS\ORUN32.EXE
2008-03-29 07:07:11 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-03-29 01:03:11 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-29 01:02:25 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2008-03-29 00:54:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 00:22:52 0 d-------- C:\WINDOWS\system32\NtmsData
2008-03-28 09:45:27 56 --a------ C:\ut9x.bat
2008-03-28 09:45:26 54 --a------ C:\ut.bat
2008-03-28 09:32:36 0 d--h----- C:\Documents and Settings\All Users\Application Data\{36D03E21-363A-4CBC-9E13-A90BDCFAFB04}
2008-03-28 09:31:50 0 d-------- C:\Program Files\XPC Tools
2008-03-28 09:13:33 0 d-------- C:\Program Files\Driver-Soft
2008-03-28 05:57:23 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\MSNInstaller
2008-03-27 06:45:11 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-03-27 06:45:09 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-03-27 06:45:09 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-27 06:45:09 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-27 06:45:08 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-27 06:45:06 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-03-27 06:44:56 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-03-27 00:29:43 0 d-------- C:\WINDOWS\system32\appmgmt
2008-03-27 00:20:20 0 d-------- C:\AWAKE
2008-03-26 04:10:28 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-25 11:33:40 0 dr-h----- C:\$VAULT$.AVG
2008-03-25 10:43:06 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\AVG7
2008-03-25 10:42:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-25 10:42:12 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-25 10:26:21 0 dr-hs---- C:\cmdcons
2008-03-25 10:26:11 0 dr-h----- C:\Documents and Settings\Compaq_Administrator\Recent
2008-03-25 10:25:40 0 d-------- C:\WINDOWS\setupupd
2008-03-25 10:14:24 0 dr------- C:\Documents and Settings\Compaq_Administrator\Favorites
2008-03-25 10:14:24 0 d-------- C:\Documents and Settings\Compaq_Administrator\Desktop
2008-03-25 10:14:24 0 d---s---- C:\Documents and Settings\Compaq_Administrator\Cookies
2008-03-25 10:14:24 0 dr-h----- C:\Documents and Settings\Compaq_Administrator\Application Data
2008-03-25 10:14:24 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Real
2008-03-25 10:14:24 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape
2008-03-25 10:14:24 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
2008-03-25 10:14:24 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Identities
2008-03-25 10:14:24 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2008-03-25 10:14:23 0 d-------- C:\Documents and Settings\Compaq_Administrator\WINDOWS
2008-03-25 10:14:23 0 d--h----- C:\Documents and Settings\Compaq_Administrator\Templates
2008-03-25 10:14:23 0 dr------- C:\Documents and Settings\Compaq_Administrator\Start Menu
2008-03-25 10:14:23 0 dr-h----- C:\Documents and Settings\Compaq_Administrator\SendTo
2008-03-25 10:14:23 0 d--h----- C:\Documents and Settings\Compaq_Administrator\PrintHood
2008-03-25 10:14:23 2097152 --a------ C:\Documents and Settings\Compaq_Administrator\NTUSER.DAT
2008-03-25 10:14:23 0 d--h----- C:\Documents and Settings\Compaq_Administrator\NetHood
2008-03-25 10:14:23 0 dr------- C:\Documents and Settings\Compaq_Administrator\My Documents
2008-03-25 10:14:23 0 d--h----- C:\Documents and Settings\Compaq_Administrator\Local Settings
2008-03-25 10:04:04 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-25 09:11:30 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-03-25 05:26:24 0 d-------- C:\Program Files\Digital Locker Assistant
2008-03-24 08:09:08 0 d-------- C:\Program Files\Trend Micro
2008-03-24 07:25:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 07:21:33 0 d-------- C:\Program Files\SpywareBlaster
2008-03-24 06:37:56 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Grisoft
2008-03-24 06:37:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-22 14:47:04 0 d--hs---- C:\found.003
2008-03-22 14:27:59 262144 --a------ C:\Documents and Settings\Application Data\NTUSER.DAT
2008-03-22 14:25:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Netscape
2008-03-22 14:25:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-03-22 08:45:44 5632 --a------ C:\mstn.exe
2008-03-22 02:40:30 0 d-------- C:\Program Files\eSoftware
2008-03-22 02:35:52 16373 --a------ C:\WINDOWS\hosts
2008-03-22 02:35:51 6656 --a------ C:\hlpr.exe
2008-03-20 21:17:36 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-03-20 12:44:00 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-03-20 12:42:26 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-03-20 12:36:59 0 d-------- C:\Program Files\VstPlugins
2008-03-20 12:30:59 0 d-------- C:\Program Files\Image-Line
2008-03-20 11:06:42 0 d-------- C:\Program Files\RABCO
2008-03-16 01:31:23 0 d-------- C:\WINDOWS\Recent
2008-03-16 01:31:14 0 d-------- C:\audio
2008-03-15 23:20:38 0 d-------- C:\Program Files\Audacity
2008-03-15 23:04:39 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Anvil Studio
2008-03-11 08:54:20 53248 --a------ C:\WINDOWS\CmiPCIUninstall.exe <Not Verified; C-Media Corporation; CmiUSBUninstall Application>
2008-03-11 08:54:15 917504 --a------ C:\WINDOWS\system\CMDS3D3.DLL <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d>
2008-03-11 08:54:15 0 d-------- C:\Program Files\Xtreme Sound PCI
2008-03-11 08:53:47 0 d-------- C:\Diamond
2008-03-11 08:53:43 0 d-------- C:\Program Files\Xtreme Sound Driver Setup
2008-03-03 08:07:23 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller


-- Find3M Report ---------------------------------------------------------------

2008-04-02 11:15:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-02 11:13:17 0 d-------- C:\Program Files\Soulseek
2008-04-02 11:03:37 0 d-------- C:\Program Files\Symantec
2008-04-02 11:03:03 0 d-------- C:\Program Files\Common Files
2008-03-29 17:27:41 0 d--hs---- C:\Program Files\KGS
2008-03-29 07:07:41 0 d-------- C:\Program Files\HP
2008-03-28 10:12:58 123117 --a------ C:\WINDOWS\HPHins12.dat
2008-03-27 06:44:50 0 d-------- C:\Program Files\Ahead
2008-03-25 04:36:14 0 d-------- C:\Program Files\WinZip E-Mail Companion
2008-03-25 04:35:29 2237963 --a------ C:\Program Files\WinZip E-Mail Companion.zip
2008-03-25 03:09:23 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-25 03:07:18 0 d-------- C:\Program Files\MSN Messenger
2008-03-25 00:11:34 10085 --a------ C:\Program Files\hijackthis.log
2008-03-24 23:58:05 3154 --a------ C:\WINDOWS\mozver.dat
2008-03-24 10:50:24 0 d-------- C:\Program Files\QuickTime
2008-03-24 09:05:52 0 d-------- C:\Program Files\ASMtr
2008-03-23 00:38:17 0 d-------- C:\Program Files\LimeWire
2008-03-22 11:52:34 15 --a------ C:\WINDOWS\7743-3BAB-7E13-1D63.dat
2008-03-21 00:09:34 0 d-------- C:\Program Files\Mario Forever
2008-03-14 21:18:55 104 --a------ C:\Program Files\Recycle Bin.lnk
2008-03-14 20:54:42 0 d-------- C:\Program Files\Picasa2
2008-03-14 00:06:00 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
2008-03-08 16:05:04 0 d-------- C:\Program Files\Apple Software Update
2008-03-03 23:07:09 0 d-------- C:\Program Files\iTunes
2008-02-28 21:11:58 0 d-------- C:\Program Files\AOL 9.1
2008-02-28 21:11:22 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\AOL
2008-02-28 21:10:46 0 d-------- C:\Program Files\Common Files\AOL
2008-02-28 21:10:28 0 d-------- C:\Program Files\Common Files\aolshare
2008-02-28 21:09:56 0 d-------- C:\Program Files\Viewpoint
2008-02-28 21:09:53 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-02-28 21:04:31 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla
2008-02-28 20:36:47 0 d-------- C:\Program Files\Carbonite
2008-02-28 02:02:10 2210 --a------ C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-02-27 09:18:36 0 d-------- C:\Program Files\FunWebProducts
2008-02-24 20:48:03 0 d-------- C:\Program Files\Disney
2008-02-19 02:09:30 0 d-------- C:\Program Files\Common Files\ISPCOMP
2008-02-15 15:17:49 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\TomTom
2008-02-15 15:17:40 0 d-------- C:\Program Files\TomTom HOME 2
2008-02-15 15:17:32 0 d-------- C:\Program Files\TomTom HOME
2008-02-07 18:07:06 217088 --a------ C:\Program Files\Common Files\xibafipy89104.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 09:01 PM]
"ftutil2"="ftutil2.dll" [06/07/2004 02:05 PM C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [06/13/2006 08:05 PM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/02/2005 11:19 PM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 03:50 PM]
"nwiz"="nwiz.exe" [05/09/2006 03:50 PM C:\WINDOWS\system32\nwiz.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/22/2005 10:14 PM]
"@"="" []
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/15/2006 10:34 PM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/14/2004 02:23 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [02/17/2005 06:11 AM]
"C-Media Mixer"="Mixer.exe" [10/15/2002 07:00 PM C:\WINDOWS\mixer.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/25/2008 10:42 AM]
"!AVG Anti-Spyware"="C:\Documents and Settings\Compaq_Administrator\Desktop\Downloads\Virus fixes\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 04:24 PM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [09/22/2004 05:10 PM]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [03/27/2008 07:17 PM]
"SUPERAntiSpyware"="C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware.exe" [04/02/2008 01:55 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 5:05:26 AM]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [8/14/2006 4:13:46 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/3/2007 12:10:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Documents and Settings\All Users\Start Menu\Programs\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Documents and Settings\All Users\Start Menu\Programs\SASWINLO.DLL 04/02/2008 01:55 PM 294912 C:\Documents and Settings\All Users\Start Menu\Programs\SASWINLO.DLL

*Newly Created Service* - SASDIFSV



-- End of Deckard's System Scanner: finished at 2008-04-02 14:01:55 ------------
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in one at a time)

C:\Program Files\Common Files\xibafipy89104.dll
C:\mstn.exe
C:\ut.bat
C:\ut9x.bat


Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.
  • 0

#5
westcovinaboyz

westcovinaboyz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
AhnLab-V3 2008.3.12.0 2008.03.13 Win-AppCare/Ttc.217088
AntiVir 7.6.0.73 2008.03.13 ADSPY/TTC.D.1
Authentium 4.93.8 2008.03.13 -
Avast 4.7.1098.0 2008.03.13 -
AVG 7.5.0.516 2008.03.12 Adware Generic2.ABNX
BitDefender 7.2 2008.03.13 -
CAT-QuickHeal 9.50 2008.03.12 AdWare.TTC.d (Not a Virus)
ClamAV 0.92.1 2008.03.13 -
DrWeb 4.44.0.09170 2008.03.13 -
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5611 2008.03.13 -
Ewido 4.0 2008.03.13 Not-A-Virus.Adware.TTC
FileAdvisor 1 2008.03.13 -
Fortinet 3.14.0.0 2008.03.13 Adware/TTC
F-Prot 4.4.2.54 2008.03.13 -
F-Secure 6.70.13260.0 2008.03.13 -
Ikarus T3.1.1.20 2008.03.13 AdWare.TTC.D.1
Kaspersky 7.0.0.125 2008.03.13 not-a-virus:AdWare.Win32.TTC.d
McAfee 5250 2008.03.12 -
Microsoft 1.3301 2008.03.12 -
NOD32v2 2944 2008.03.13 -
Norman 5.80.02 2008.03.12 W32/TTC.FM
Panda 9.0.0.4 2008.03.12 -
Prevx1 V2 2008.03.13 -
Rising 20.35.32.00 2008.03.13 -
Sophos 4.27.0 2008.03.13 AdMoke
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.13 -
TheHacker 6.2.92.244 2008.03.12 -
VBA32 3.12.6.2 2008.03.13 AdWare.Win32.TTC.d
VirusBuster 4.3.26:9 2008.03.12 -
Webwasher-Gateway 6.6.2 2008.03.13 Ad-Spyware.TTC.D.1
Additional information
File size: 217088 bytes
MD5: b503903356b904c1b7ead57c348a3377
SHA1: a2a61da03b0576491fb811732ebcdb7c92053a79
PEiD: -

AhnLab-V3 - - Win-Trojan/Agent.5632.BU
AntiVir - - TR/Dldr.Agent.mac
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - Packer.Krunchy.B
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
DrWeb - - Trojan.DownLoader.31981
eSafe - - -
eTrust-Vet - - Win32/VMalum.CINV
Ewido - - -
FileAdvisor - - High threat detected
Fortinet - - -
F-Prot - - W32/Downldr2.BLTJ
F-Secure - - Trojan-Downloader.Win32.Agent.mac
Ikarus - - Packer.Krunchy.B
Kaspersky - - Trojan-Downloader.Win32.Agent.mac
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - W32/Agent.dam
Panda - - Suspicious file
Prevx1 - - Trojan.Downloader
Rising - - -
Sophos - - Mal/EncPk-BP
Sunbelt - - -
Symantec - - -
TheHacker - - Trojan/Downloader.Agent.mac
VBA32 - - -
VirusBuster - - Packed/FRBR
Webwasher-Gateway - - Trojan.Dldr.Agent.mac
Additional information
MD5: 1a5e2001e64e6a17e7e8b1004e2d0b33
SHA1: f7b0dc4d4d007892d74da774384fab22c3b44193
SHA256: 7088f2a83f40a664462fc5d18c437e4ff3e8d2019dda07eaac39fb369ec48115
SHA512: 4e5ec3e87c39a41dfcfdd081f512c0eff7403e6f6fc900c1d3df684e0e6354bc 5e39634a69b6727a7911abc3db2516b91e44f778a46d9f78f74e5ed712b6e4ed

Antivirus Version Last Update Result
AhnLab-V3 2008.3.22.1 2008.03.21 -
AntiVir 7.6.0.75 2008.03.21 -
Authentium 4.93.8 2008.03.20 -
Avast 4.7.1098.0 2008.03.21 -
AVG 7.5.0.516 2008.03.21 -
BitDefender 7.2 2008.03.22 -
CAT-QuickHeal 9.50 2008.03.21 -
ClamAV 0.92.1 2008.03.22 -
DrWeb 4.44.0.09170 2008.03.21 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5633 2008.03.21 -
Ewido 4.0 2008.03.21 -
FileAdvisor 1 2008.03.22 -
Fortinet 3.14.0.0 2008.03.21 -
F-Prot 4.4.2.54 2008.03.20 -
F-Secure 6.70.13260.0 2008.03.21 -
Ikarus T3.1.1.20 2008.03.22 -
Kaspersky 7.0.0.125 2008.03.22 -
McAfee 5257 2008.03.21 -
Microsoft 1.3301 2008.03.21 -
NOD32v2 2967 2008.03.21 -
Norman 5.80.02 2008.03.20 -
Panda 9.0.0.4 2008.03.22 -
Prevx1 V2 2008.03.22 -
Rising 20.36.42.00 2008.03.21 -
Sophos 4.27.0 2008.03.21 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.22 -
TheHacker 6.2.92.250 2008.03.19 -
VBA32 3.12.6.3 2008.03.21 -
VirusBuster 4.3.26:9 2008.03.21 -
Webwasher-Gateway 6.6.2 2008.03.21 -
Additional information
File size: 54 bytes
MD5: dbe37a04c7b1a57ec22353dc04ec1cf6
SHA1: 5ff279c6b192a076a3e67111d61da667f45ff33d
PEiD: -

Antivirus Version Last Update Result
AhnLab-V3 2007.12.8.0 2007.12.07 -
AntiVir 7.6.0.40 2007.12.07 -
Authentium 4.93.8 2007.12.06 -
Avast 4.7.1098.0 2007.12.06 -
AVG 7.5.0.503 2007.12.07 -
BitDefender 7.2 2007.12.07 -
CAT-QuickHeal 9.00 2007.12.07 -
ClamAV 0.91.2 2007.12.07 -
DrWeb 4.44.0.09170 2007.12.07 -
eSafe 7.0.15.0 2007.12.06 -
eTrust-Vet 31.3.5359 2007.12.07 -
Ewido 4.0 2007.12.07 -
FileAdvisor 1 2007.12.07 -
Fortinet 3.14.0.0 2007.12.07 -
F-Prot 4.4.2.54 2007.12.06 -
F-Secure 6.70.13030.0 2007.12.07 -
Ikarus T3.1.1.12 2007.12.07 -
Kaspersky 7.0.0.125 2007.12.07 -
McAfee 5179 2007.12.06 -
Microsoft 1.3007 2007.12.07 -
NOD32v2 2709 2007.12.07 -
Norman 5.80.02 2007.12.07 -
Panda 9.0.0.4 2007.12.06 -
Prevx1 V2 2007.12.07 -
Rising 20.21.42.00 2007.12.07 -
Sophos 4.24.0 2007.12.07 -
Sunbelt 2.2.907.0 2007.12.07 -
Symantec 10 2007.12.07 -
TheHacker 6.2.9.152 2007.12.07 -
VBA32 3.12.2.5 2007.12.05 -
VirusBuster 4.3.26:9 2007.12.07 -
Webwasher-Gateway 6.6.2 2007.12.07 -
Additional information
File size: 56 bytes
MD5: 5615704785056e76c40d9ce6a6c92c9e
SHA1: 26cbfaf24a5fc83e8c3f8774643a247e6d534d69
PEiD: -
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I would like for you to submit a file for me to analyze.

Go to Start> My Computer.
Then C: then find this file >C:\mstn.exe

Then click Here to upload the file please.

Thank you.
  • 0

#7
westcovinaboyz

westcovinaboyz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I have sent the requested file for scan to the requested sight and is done. Thank You
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Common Files\xibafipy89104.dll
    C:\mstn.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===========================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===========================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#9
westcovinaboyz

westcovinaboyz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
DllUnregisterServer procedure not found in C:\Program Files\Common Files\xibafipy89104.dll
C:\Program Files\Common Files\xibafipy89104.dll NOT unregistered.
C:\Program Files\Common Files\xibafipy89104.dll moved successfully.
C:\mstn.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04022008_203125

I cannot open thw Kapersky online scanner?? When I click on accept it does not prompt me to do anything??
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

  • 0

Advertisements


#11
westcovinaboyz

westcovinaboyz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hey thanks, I got the Kapersky Web Scanner to work finally, I was trying to open it up with Mozilla, when it must be opened with explorer. It has a long way to go, it has been going a few hours and is only 24 percent. Do you also want me to run the Panda scan??
  • 0

#12
westcovinaboyz

westcovinaboyz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I had both the Kapersky and Panda scan running simultaneously, their respective sights say it should take about an hour for either scan, but my computer is running so slow that it has been 4-5 hours since I started the scans and one is only 12% complete, the other is 26%. I stopped the Panda scan for now because Im wondering if one will run faster without the other running? When I stopped the Panda scan, It had identified 2 viruses and gives me the option to be disinfected, should I disinfect those 2 viruses even though the scan only completed 12%. The Kapersky scan isx now running faster and has identified 13 viruses at 29% completion.
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

should I disinfect those 2 viruses even though the scan only completed 12%.

No it will ask you to pay for it anyway.

Please just post the kaspersky log when it is done.
  • 0

#14
westcovinaboyz

westcovinaboyz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hey Kahdah, I really appreciate your help, the Kapersky scan has been going for 18 hours now and is getting progressively slower, in fact the timer has stopped as well at 97% completion, I am going to give it a while to restart itself, before I rerun the scan. It has also identified 44 serious, or high threat viruses (I think), where I originally had 19 as per the AVG anti-virus software, also it seems my infected files has quadrupled in numbers. My computer is barely running as well, but I will keep on with this and hope with your gratious help we can fix this, Thanks again!!
  • 0

#15
westcovinaboyz

westcovinaboyz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hey, I really dont know what to do next?? I restarted the Kaspersky scan AGAIN and it went for 25 hours and it shut off before completing, Im not really sure if it completed or not it should have, but when I returned home from work there was no indication of any scan or scan results, the Kapersky sight was no where to be found. This is 2 times Ive ran them for a total of 43 hours of scan time, still with no final report?? I will try the Panda scan this time, but what is going to be the back up plan if this doesnt work?? Thanks
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP