Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer Help [CLOSED]

Started by littlemikel , May 13 2008 06:54 PM

  • This topic is locked This topic is locked

#1
littlemikel
Posted 13 May 2008 - 06:54 PM

littlemikel

    New Member

  • Member
  • Pip
  • 6 posts
I am having trouble with my computer and have no idea what is wrong with it. It started out by my IM programs would not sign in. Computer is running really slow. I tried to install windows updates and it would not let me. I searched on the internet and found this forum and did these changes
http://www.castlecop...wly_Edited.html
The computer worked fine until I turned it off and back on that night. I have ran system restore for the same exact reason a couple of times. Same results everytime. When I turn it off it will not let programs run. Now I have downloaded Spybot and fixed the errors I found on there. COuld someone please help me. Here is my Hijackthis log. I do not know what I am doing when it comes it working on a computer. I am only a home user. Please help. THank you so much for your help in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:10 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.castlecops.com
O16 - DPF: Yahoo! Pool 2 - http://download2.gam...ts/y/poti_x.cab
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bel...oad/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1177544194546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190141973500
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.tagged....aploader_v5.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay10...ex/HMAtchmt.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ipv7 - Unknown owner - C:\WINDOWS\ipv7.exe (file missing)
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10094 bytes
  • 0

Advertisements

#2
greyknight17
Posted 13 May 2008 - 07:56 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

FriendFinder

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O23 - Service: ipv7 - Unknown owner - C:\WINDOWS\ipv7.exe (file missing)

Go into HijackThis->Config->Misc Tools->Delete an NT service and type in ipv7 and hit OK.

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Program Files\FriendFinder\

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#3
littlemikel
Posted 15 May 2008 - 04:35 PM

littlemikel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok thank you very much. I am going to go try this now.
  • 0

#4
littlemikel
Posted 15 May 2008 - 06:09 PM

littlemikel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is the combofix log.
ComboFix 08-05-15.2 - Owner 2008-05-15 19:44:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.89 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\smsc.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-15 19:43 . 2008-05-15 19:44 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-13 21:32 . 2008-05-13 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-13 20:05 . 2008-05-13 20:08 766 --a------ C:\WINDOWS\wininit.ini
2008-05-13 16:36 . 2008-05-13 16:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-13 16:35 . 2008-05-13 16:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-13 16:35 . 2008-05-13 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-12 18:33 . 2008-05-12 18:33 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-05-12 18:25 . 2008-03-13 23:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-05-11 06:37 . 2008-05-11 06:37 108 --ah----- C:\aaw7boot.cmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 23:53 54,116,384 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-15 21:41 634,628 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-15 21:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-05-14 00:41 --------- d-----w C:\Program Files\Yahoo!
2008-05-14 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-05-14 00:30 --------- d--h--r C:\Documents and Settings\Owner\Application Data\yahoo!
2008-05-12 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-12 23:30 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-11 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2008-05-11 10:37 --------- d-----w C:\Program Files\MSN Messenger
2008-05-10 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-06 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-04-01 02:18 28,160 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-03-31 01:43 276,480 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-03-25 01:40 --------- d-----w C:\Program Files\SBC Self Support Tool
2008-03-25 01:40 --------- d-----w C:\Program Files\Common Files\Motive
2008-03-25 00:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Motive
2008-03-25 00:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-25 00:16 --------- d-----w C:\Program Files\Broadcom
2008-03-25 00:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-25 00:04 --------- d-----w C:\Program Files\Dell
2008-03-20 22:07 --------- d-----w C:\Program Files\att-nap
2008-03-20 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 20:59 294,912 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-03-14 03:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-10 22:47 3,059,710 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 02:59 439,296 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-10-11 13:23 2,103,064 ----a-w C:\Documents and Settings\Owner\Application Data\PerformanceoptimizerFreeSetup[1].exe
2007-10-11 13:22 75,016 ----a-w C:\Documents and Settings\Owner\Application Data\PerfomanceOptimizerPre_Installer[1].exe
.

------- Sigcheck -------

2002-09-03 13:05 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 03:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe

2005-03-02 14:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 14:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 11:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 14:20 561152 74202eb1bd67e8be9509e38c8d2234b0 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-04 00:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2002-09-03 13:08 560128 dd9269230c21ee8fb7fd3fccc3b1cfcb C:\WINDOWS\$NtUninstallKB896424_0$\user32.dll
2005-03-02 14:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-04 00:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2004-08-04 03:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\user32.dll
2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll

2006-08-16 08:14 70656 7b6a08441a4f11320421599d7ecf8d41 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2002-09-03 13:14 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtUninstallKB914388_0$\ws2_32.dll
2006-05-19 08:15 70656 3748e0fc8c1b6ada49f98c8e69a4228c C:\WINDOWS\$NtUninstallKB922819_0$\ws2_32.dll
2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-04 03:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ws2_32.dll
2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2007-06-26 10:35 665600 e1a3dd68b5380b360a7310a64d9bb188 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 08:55 665600 a1bc17eb3758d73c3938b2318820f5b4 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-08-20 06:02 825344 357d54bf94fe9d6d8505a96b5c2a3bca C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-10 19:47 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-06 22:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 09:03 827392 6316c2f0c61271c8abdff7429174879e C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2002-09-03 13:12 599040 f3587750a7481dccbea13d473a0700be C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2004-08-04 00:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 10:09 658944 184e47c8f7b331025e6dc92740db188f C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 09:12 658944 1901ad51da8be9f8b38d5d526e5d1788 C:\WINDOWS\ie7\wininet.dll
2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 06:04 824832 774435e499d8e9643ec961a6103c361f C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-10 19:56 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-06 22:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2004-08-04 00:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-03-01 09:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\SoftwareDistribution\Download\0e573dbed32e8bd8f7ba833ffcfb788c\SP2GDR\wininet.dll
2008-03-01 09:03 827392 6316c2f0c61271c8abdff7429174879e C:\WINDOWS\SoftwareDistribution\Download\0e573dbed32e8bd8f7ba833ffcfb788c\SP2QFE\wininet.dll
2007-08-20 06:04 824832 774435e499d8e9643ec961a6103c361f C:\WINDOWS\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2GDR\wininet.dll
2007-08-20 06:02 825344 357d54bf94fe9d6d8505a96b5c2a3bca C:\WINDOWS\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2QFE\wininet.dll
2004-08-04 03:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
2008-03-01 09:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\system32\wininet.dll
2008-03-01 09:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\system32\dllcache\wininet.dll

2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 07:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2002-09-03 13:06 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2002-09-03 13:12 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-04 03:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe

2002-09-03 12:47 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 02:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 02:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
2005-03-01 20:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 05:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-01 20:36 1955840 62c353c0449fd961ef7814973fc2fd30 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2002-09-03 13:04 1947904 0e8efb15746878a9b256e75267337233 C:\WINDOWS\$NtUninstallKB885835_0$\ntkrnlpa.exe
2004-08-03 22:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2004-10-22 03:29 1955840 efa7883018f42295d927121808ae6cee C:\WINDOWS\$NtUninstallKB890859_0$\ntkrnlpa.exe
2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 04:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-03 22:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-08-04 01:58 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntkrnlpa.exe
2007-02-28 04:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 04:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-01 21:33 2040832 a15a2ee0be2f71fc1752a05660b8ebdc C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2002-09-03 12:50 2042240 b9080d97dbd631aadf9128f7316958d2 C:\WINDOWS\$NtUninstallKB885835_0$\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2004-10-22 04:33 2088448 5a7eb0c9f96917b7ecf5adf70c4b1bae C:\WINDOWS\$NtUninstallKB890859_0$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 05:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-08-04 02:19 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntoskrnl.exe
2007-02-28 05:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 05:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 06:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-09-03 12:32 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 00:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-04 03:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
2007-06-13 06:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe

2002-09-03 12:59 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-04 03:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe
2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe

2002-09-03 12:39 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-04 03:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe
2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe

2002-09-03 12:29 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-04 03:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe
2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-05-12 18:33 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-05-12 18:33 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2007-08-29 11:55 1347584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 20:34 579584]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 13:10 57344]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44 679936]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-09 18:55 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2008-03-24 20:44:43 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= xl_I420.dll
"VIDC.UYVY"= xl_uyvy.dll
"VIDC.YUY2"= xl_yuy2.dll
"MSVideo"= ucdvfw.dll
"VIDC.YV12"= xl_yv12.dll
"VIDC.XJPG"= camfc.dll
"VIDC.D263"= xl_x263dec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2005-08-24 07:51 442455 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 16:56]
R3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [2002-03-26 08:56]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-01-28 16:56]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-01-28 16:56]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 23:11:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 19:52:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-15 19:57:22
ComboFix-quarantined-files.txt 2008-05-15 23:57:11

Pre-Run: 15,611,719,680 bytes free
Post-Run: 16,128,675,840 bytes free

253 --- E O F --- 2008-05-15 22:09:10
Thanks.

My messengers still will not log in.
  • 0

#5
greyknight17
Posted 15 May 2008 - 06:46 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Double click on C:\WINDOWS\wininit.ini to open it up in Notepad. Copy and paste all the contents of that file here. Then delete everything there. Copy and paste the below two lines back to that file and save it:

[rename]
nul=

Delete these files:

C:\Documents and Settings\Owner\Application Data\PerformanceoptimizerFreeSetup[1].exe
C:\Documents and Settings\Owner\Application Data\PerfomanceOptimizerPre_Installer[1].exe

Can you go into your ZoneAlarm firewall program and confirm that it's allowing your IM programs access to the internet? It might be blocking them...
  • 0

#6
littlemikel
Posted 15 May 2008 - 07:39 PM

littlemikel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I am sorry I do not understand what you mean by double clicking on the C:/WINDOWS. Where do I go to to click on it?? Also where do I go to delete the 2 other things you had listed?
I am sorry.

Edited by littlemikel, 15 May 2008 - 07:59 PM.

  • 0

#7
greyknight17
Posted 16 May 2008 - 04:42 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to My Computer->Local Disk C:->Windows and look for wininit.ini. Double click on it.....follow the rest of the instructions.

The same applies for the deletion part. Go to My Computer->Local Disk C:->Documents and Settings->Owner->Application Data and look for those two files and delete them.
  • 0

#8
littlemikel
Posted 18 May 2008 - 01:24 PM

littlemikel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
[rename]
c:\tempjunk3742.tmp=C:\Documents and Settings\Owner\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk
nul=c:\tempjunk849.tmp
c:\tempjunk3126.tmp=C:\Documents and Settings\Owner\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk
c:\tempjunk3472.tmp=C:\Documents and Settings\Owner\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk
c:\tempjunk5344.tmp=C:\Documents and Settings\Owner\Start Menu\Programs\Performance Optimizer\Uninstall Performance Optimizer.lnk
c:\tempjunk6151.tmp=C:\Program Files\Performanceoptimizer (Free)\creader.exe
c:\tempjunk1880.tmp=C:\Program Files\Performanceoptimizer (Free)\inst.imd
c:\tempjunk849.tmp=C:\Program Files\Performanceoptimizer (Free)\pcid.exe

There is no C:\Documents and Settings\Owner\Application Data\PerformanceoptimizerFreeSetup[1].exe
C:\Documents and Settings\Owner\Application Data\PerfomanceOptimizerPre_Installer[1].exe

in my Application Data.
Thanks
  • 0

#9
greyknight17
Posted 18 May 2008 - 08:58 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Make sure you remove everything in that wininit.ini file and copy the two lines back into it.

Uninstall Performance Optimizer via the Add/Remove Programs panel if found.

Did you check your ZoneAlarm settings to confirm that it's allowing your IM programs access to the internet?
  • 0

#10
littlemikel
Posted 19 May 2008 - 11:00 AM

littlemikel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Yes I deleted those files and I added those back. Performance Optimizer wasn't in my add remove programs. I deleted Zonealarm it isn't keeping us from connecting to anything. Now when I try to update or anything I get an error message saying setup could not verify the integrity of the files needed for installation. I tried repairing IE and that did not work and also tried deleting it and reinstalling it and that didn't work either. Now none of the add ons will work. When we try to login in on anything we get this error message. Windows cannot connect to the internet using HTTP, HTTPS, or FTP. Tis is probably caused by firewall settings on this computer. The only firewall we are using now is the windows firewall. I know this is getting aggervating for you. I am sorry. I was on the phone with Microsoft, Dell , and AT&T all night last night. They could not help me. Thanks for your time and patience.
  • 0

#11
greyknight17
Posted 19 May 2008 - 07:47 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
See if this helps:

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@=""
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001
"shell"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@=""
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001
"shell"=dword:00000000
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
  • 0

#12
greyknight17
Posted 25 May 2008 - 04:19 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP