This is a continuation of the same subject discussions with Skeptic and Happyrck in Operating systems>windowsXP
I have followed the procedures outlined as much as possible. Exceptions being....
I could not download and run Malwarebytes; security settings were in the way.
I ran Super antispyware the second time this AM and got 0 hits.
I ran Panda Active scan yesterday and got "you are infected" but was unable to clear the infections.
I tried logging into the site this AM and they apparently have a problem, so was unable to complete another scan and actually clean up the mess. I suspect that was the problem yesterday. Tried to write them, but I do not believe it went through.
I have set a new restore point and I tried to assure that SP1 and 2 were installed. Microsoft has a "new" site that didn't work either this morning, so I was unable to complete the scan for SP1 and SP2. I do believe they are installed however, since I automatically check for updates and update everything but IE7, which interferes with some programs I have.
I have run Happyrck's little Regedit program and followed his instructions re deleting the USB devices, rebooted twice and reinstalled the printer and mouse and everything appears to be working.
I have looked carefully at the two USB ports in the front of the computer and it APPEARS to be as good as new. No damage that I could see. I tried disconnecting the front ports from the motherboard, but I could not turn on the computer.
I have also run HJT and include the results here below:
Thank you very much for your help! I'm sorry I was unable to run the two virus scans, but things were just not cooperating.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:31 AM, on 05/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n...okmarks/bmredir.asp?region=all&bw=dsl&cd=5.1.5&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...o.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...o.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [hotComm] C:\PROGRA~1\1stWORKS\PRISTI~1\BIN\hotComm.exe /boot
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.pristine.com
O16 - DPF: ppctlcab - http://www.pestscan....canner/ppctlcab.cab
O16 - DPF: SCV - https://www.omnovia....ges/sc2/image/SCV.CAB
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} (ILINCInstall86 Class) - http://content.ilinc...lientdownload/download/ilinci86.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...ung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....link/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...ewidoOnlineScan.cab
O16 - DPF: {2AE1D200-7C3D-4975-9429-556F1E57CA74} - http://www.blocks.co...all/BlocksPlayerInstall.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...om/activescan/cabs/as2stubie.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....anner/axscanner.cab
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - http://host1.telecha.../tcrepair/setup.exe
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....m/cabs/pmupd806.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...om/surferplugin.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.h...ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://home3.ca.com/...trol/uniblue/pestscan/pestscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...ve.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...t.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211381952453
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.../840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...om/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1..../ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://markettrader...x.com/client/v_mywebex-t20/event/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h...hpdj/en/check/qdiagh.cab?312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 1: SurfNet Media Player - http://media.surfnet...com/cgi-bin/media?2=1&6=E2E2E2&7=G~000030~10&3=b000030mvatalk&4=1&5=0&0=www.voiceamerica.com&1=www.voiceamerica.com/VAtop.html
--
End of file - 14043 bytes