Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help with removal of ABS [CLOSED]


  • This topic is locked This topic is locked

#16
policeman

policeman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Yes, I have followed all your directions with the exception of doing the Panda Scan as I couldn't get to the page with IE and when I started on the page w/ Firefox it didn't like that either. I don't recall what shredder fixed or cleaned but it did do something. I HAD reset the deafulat settings on IE. Don't know why it didn't take. I have re-set them again.

When I ran HJT the first time... it didn't show the R1 or HKCU entries...of course, I'm old so I do miss things....
Logfile of HijackThis v1.99.1
Scan saved at 9:30:33 AM, on 9/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PowerManager\upssrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PowerManager\upsio.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uphclean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Labtec\Labtec Keyboard-Desktop Software\DsiMmKbd.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\FSScrCtl.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LabtecKB] C:\Program Files\Labtec\Labtec Keyboard-Desktop Software\DsiMmKbd.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: UPS Service (CyberPowerUPS) - CyberPower Systems, Inc. - C:\PowerManager\upssrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Then I did the Config., Misc. Tools, Uninstall Manager save list...

7-Zip 3.13
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Alt-Tab Task Switcher Powertoy for Windows XP
ArcSoft PhotoImpression 4
AVG Free Edition
Calculator Powertoy for Windows XP
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CleanUp!
CmdHere Powertoy For Windows XP
C-Media 3D Audio
C-Media WDM Audio Driver
Consumer Input Software (remove only)
ewido security suite
HexDump plug-in for Ad-Aware SE
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HTML Slideshow Powertoy for Windows XP
Image Resizer Powertoy for Windows XP
IomegaWare 4.0.2
ItsDeductible Express
Labtec Keyboard
LSP Explorer plug-in for Ad-Aware SE
Macromedia Shockwave Player
Magnifier Powertoy for Windows XP
McAfee SecurityCenter
McAfee VirusScan
Media Library Management Wizard
Messenger-Control plug-in for Ad-Aware SE
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft J# Browser Controls v1.1
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Plus! Digital Media Edition
Microsoft Plus! for Windows XP
Microsoft Plus! Game Pack: Cards and Puzzles
Microsoft Windows Journal Viewer
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (1.0.2)
Mozilla Thunderbird (1.0.6)
My DSC
Nero 6 Ultra Edition
Network Play System (Patching)
NetZero
NetZero HiSpeed (remove only)
NVIDIA Drivers
OE/W Messengerctrl plug-in for Ad-Aware SE
PDFCreator 0.8.0
Personal License Update Wizard for Windows Media Player
Picasa 2
Plaxo
Plus! MP3 Audio Converter LE
Power Manager
PowerDVD
Powertoys For Windows XP
QuickTime
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Spybot - Search & Destroy 1.3
SpywareBlaster v3.4
The Sims
TurboTax Premier 2004
Tweak-SE plug-in for Ad-Aware SE
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
User Profile Hive Cleanup Service
Virtual Desktop Manager Powertoy for Windows XP
VX2 Cleaner plug-in for Ad-Aware SE
Webshots Desktop
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver

I ran the findpf.bat ....

Volume in drive C has no label.
Volume Serial Number is 0827-546A

Directory of C:\PROGRA~1

09/04/2005 09:11 AM <DIR> .
09/04/2005 09:11 AM <DIR> ..
09/12/2003 09:42 AM <DIR> 7-Zip
08/16/2005 10:15 PM <DIR> Ace
08/16/2005 10:16 PM <DIR> Adobe
09/12/2003 09:46 AM <DIR> Ahead
09/04/2005 09:11 AM <DIR> APT
11/14/2004 04:24 AM <DIR> ArcSoft
10/27/2004 06:08 AM <DIR> Bible
08/16/2005 10:16 PM <DIR> BiblePro
09/13/2003 10:30 AM <DIR> C-Media 3D Audio
04/03/2005 06:53 PM <DIR> Canon
09/03/2005 05:38 PM <DIR> CleanUp!
07/30/2005 07:44 PM <DIR> Common Files
09/08/2003 10:59 AM <DIR> ComPlus Applications
09/12/2003 09:37 AM <DIR> CyberLink
10/12/2004 12:59 AM <DIR> Electronic Arts
08/25/2005 05:35 PM <DIR> ewido
06/06/2005 01:51 PM <DIR> Grisoft
10/06/2004 09:24 PM <DIR> HighMAT CD Writing Wizard
04/29/2005 10:00 PM <DIR> ICRAplus
08/12/2005 05:51 AM <DIR> Internet Explorer
08/21/2005 05:24 PM <DIR> Iomega
10/06/2004 08:52 PM <DIR> Labtec
12/04/2004 12:52 PM <DIR> Lavasoft
11/02/2004 08:48 AM <DIR> Maxis
07/30/2005 08:49 PM <DIR> McAfee.com
02/13/2005 04:02 AM <DIR> Messenger
09/08/2003 11:03 AM <DIR> microsoft frontpage
03/19/2005 01:28 PM <DIR> Microsoft Games
05/21/2005 09:44 PM <DIR> Microsoft JSharp Browser Controls v1.1
09/13/2003 09:20 AM <DIR> Microsoft Office
09/12/2003 10:01 AM <DIR> Microsoft Plus!
09/13/2003 10:26 AM <DIR> Microsoft Plus! Digital Media Edition
09/13/2003 09:12 AM <DIR> Microsoft Visual Studio
09/12/2003 09:59 AM <DIR> Movie Maker
08/07/2005 05:39 PM <DIR> Mozilla Firefox
08/06/2005 07:34 PM <DIR> Mozilla Thunderbird
09/08/2003 10:58 AM <DIR> MSN
09/08/2003 10:58 AM <DIR> MSN Gaming Zone
09/03/2005 05:45 PM <DIR> mvix
11/14/2004 04:21 AM <DIR> My DSC
07/30/2005 09:50 PM <DIR> MyPoints_PointAlert
09/08/2003 11:00 AM <DIR> NetMeeting
09/04/2005 01:20 PM <DIR> NetZero
10/06/2004 06:37 PM <DIR> OfficeUpdate11
09/12/2003 10:10 AM <DIR> Online Services
09/08/2003 11:00 AM <DIR> Outlook Express
08/27/2005 10:33 AM <DIR> PDFCreator
04/03/2005 07:05 PM <DIR> Picasa2
09/04/2005 01:18 PM <DIR> Plaxo
09/12/2003 09:52 AM <DIR> QuickTime
09/13/2003 09:20 AM <DIR> Snapshot Viewer
07/28/2005 06:05 AM <DIR> Spybot - Search & Destroy
08/02/2005 05:28 AM <DIR> SpywareBlaster
09/16/2003 09:19 AM <DIR> uphclean
10/13/2004 05:56 PM <DIR> Webshots
09/12/2003 09:43 AM <DIR> Winamp
09/16/2003 09:19 AM <DIR> Windows Journal Viewer
09/12/2003 08:51 AM <DIR> Windows Media Bonus Pack for Windows XP
08/16/2005 10:18 PM <DIR> Windows Media Player
09/08/2003 10:58 AM <DIR> Windows NT
07/31/2005 12:42 PM <DIR> WinFixer 2005
09/12/2003 09:45 AM <DIR> WinRAR
09/08/2003 11:03 AM <DIR> xerox
0 File(s) 0 bytes
65 Dir(s) 72,419,840,000 bytes free

And then I ran HJT again...

Logfile of HijackThis v1.99.1
Scan saved at 1:28:59 PM, on 9/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PowerManager\upssrv.exe
C:\PowerManager\upsio.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uphclean\uphclean.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Labtec\Labtec Keyboard-Desktop Software\DsiMmKbd.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\FSScrCtl.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LabtecKB] C:\Program Files\Labtec\Labtec Keyboard-Desktop Software\DsiMmKbd.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: UPS Service (CyberPowerUPS) - CyberPower Systems, Inc. - C:\PowerManager\upssrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


AND...I still can't get this website to load via IE. I am ready to wipe my harddrive and reload the universe.


~~~~~~~~~~~~~~~~~~~~~~~~
CONSIDER THIS......

Give up at least one meal today and donate that money to Katrina Disaster Relief via Salvation Army or Red Cross. Let yourself go hungry for that one meal.
  • 0

Advertisements


#17
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Please read the instructions for [ About:Buster ] then download it to a safe location where you can easily remember it.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Reboot in SAFE MODE. [ How to boot in Safe Mode... ]

Please run about:buster by RubbeRDuckY:
  • Click Begin Removal
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
In the event you get an error message then do the following:
Start > Run then paste this in the dialog box

regsvr32 C:\Windows\System32\COMCTL32.OCX

Run about:buster again following the same instructions as above, this time without the restart at the end.


++++++++++++++++++++
* Please right-click this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

#18
policeman

policeman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
:tazz: Why am I having all these problems? What is it that my computer has that I keep having to download one thing after another? I'd like to know what each thing is called...I think it is better if I wipe the drive clean and start over. It would take less time that continuing to post, download, run, post, download....

I am so depressed. :)






~~~~~~~~~~~~~~~~~~~~~~~~
:) CONSIDER THIS......

Give up at least one meal today and donate that money to Katrina Disaster Relief via Salvation Army or Red Cross. Let yourself go hungry for that one meal.
  • 0

#19
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
hi policeman,

The tools I recommended for downloads were all tools for diagnosis and removal of certain infections. The reason we staffs recommend these tools is to avoid the last resort which is of course format the computer. Reformatting and fresh install means to wipe clean including important documents as well as some settings. We try to avoid that since that means very good value for certain users. The tools only target infected files and not the legitimate ones. If you think it would be okay for you to start all over with a fresh reformat then I would proceed with just giving you the important tools to prevent future re-infections and tips to better protect yourself.

What do you say? :tazz:
  • 0

#20
policeman

policeman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I don't mean to be ungrateful... it just seems as if I jump through one hoop after another. If you could tell me what you are looking for when you ask me to download another file...it would help. It isn't a big deal for me to reformat. Why not take a look at the last download info. and tell me what you think. Is this going to keep going on and on?

1. I download Aboutbuster but I could not get it to update. I ran it in safe mode. here is the 1st log:

AboutBuster 5.0 reference file 28
Scan started on [9/6/2005] at [6:51:53 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\Thumbs.db:encryptable
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:52:18 PM

I ran it a 2nd time:

AboutBuster 5.0 reference file 28
Scan started on [9/6/2005] at [6:54:15 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:54:31 PM

I rebooted and here is the last log:

AboutBuster 5.0 reference file 28
Scan started on [9/6/2005] at [6:57:01 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:57:25 PM

I ran Silent Runners:

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NetZero_uoltray" = "C:\Program Files\NetZero\exec.exe regrun" ["NetZero"]
"PlaxoUpdate" = "C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a" ["Plaxo"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"BackgroundSwitcher" = "C:\WINDOWS\system32\bgswitch.exe" [null data]
"CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]
"FastUser" = "C:\WINDOWS\system32\fast.exe" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"LabtecKB" = "C:\Program Files\Labtec\Labtec Keyboard-Desktop Software\DsiMmKbd.EXE" ["Dritek System Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"VirusScan Online" = "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" ["McAfee, Inc."]
"OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{709C6E11-538F-4759-86AC-6ACB302AA0DE}" = "Desktop Manager"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\msvdm.dll" [null data]
"{76EDEF4C-1313-11d3-8705-00C04FB16A21}" = "Audio Player backend"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shplayer.dll" [MS]
"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]
"{65F411C7-F4EE-11d2-9B7D-00C04FB16A21}" = "Audio Player"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shplayer.dll" [MS]
"{efb97cb8-a4a4-4357-a261-002ffaed0267}" = "CD Slideshow Powertoy"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\slideshow.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{c7745760-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgMenu.dll" ["Iomega Corp."]
"{c7745761-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Iomega\Shell\ImgProp.dll" ["Iomega Corp."]
"{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}" = "Zinio Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Zinio\ZSHExt.dll" ["Zinio Systems, Inc."]
"{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}" = "Zinio Magazine Column Provider"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Zinio\ZSHExt.dll" ["Zinio Systems, Inc."]
"{091D66CD-24B7-4210-A790-78463B1B3D7A}" = "Zinio Shell Extension UI Object"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Zinio\ZSHExt.dll" ["Zinio Systems, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Babs\Application Data\Webshots\The Webshots Desktop\Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\PROGRA~1\Webshots\webshots.scr" ["Webshots.com"]


Startup items in "Babs" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\Babs\Start Menu\Programs\Startup
"Screen Saver Control" -> shortcut to: "C:\WINDOWS\FSScrCtl.exe" ["Stardust Software"]
"Webshots" -> shortcut to: "C:\Program Files\Webshots\Launcher.exe /t" [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Scan for Viruses - My Computer (V-GER-Babs)" -> launches: "c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:0" ["McAfee, Inc."]
"Spybot - Search & Destroy - Scheduled Task" -> launches: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe /AUTOCHECK" ["Safer Networking Limited"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\NetZero\qsacc\sliplsp.dll [null data], 01 - 03, 21
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" = "ZeroBar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\NetZero\Toolbar.dll" [empty string]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

ASP.NET State Service, aspnet_state, "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [MS]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
InteractiveLogon, InteractiveLogon, "C:\WINDOWS\system32\Fast.exe -service" [MS]
Iomega App Services, Iomega App Services, ""C:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"]
Logical Disk Manager Administrative Service, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
McAfee SecurityCenter Update Manager, mcupdmgr.exe, "C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe" ["McAfee, Inc"]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."]
Network Provisioning Service, xmlprov, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Portable Media Serial Number Service, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\MsPMSNSv.dll" [MS]}
UPS Service, CyberPowerUPS, "C:\PowerManager\upssrv.exe" ["CyberPower Systems, Inc."]
User Profile Hive Cleanup, UPHClean, "C:\Program Files\uphclean\uphclean.exe" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMI Performance Adapter, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 49 seconds, including 18 seconds for message boxes)

I ran HJT:

Logfile of HijackThis v1.99.1
Scan saved at 6:59:38 PM, on 9/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LabtecKB] C:\Program Files\Labtec\Labtec Keyboard-Desktop Software\DsiMmKbd.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: UPS Service (CyberPowerUPS) - CyberPower Systems, Inc. - C:\PowerManager\upssrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

NOW, let me know if it will be quicker, cleaner, and faster to just reformat. Thanks for all your help. Programs I do have that were SUPPOSED to prevent this are:

McAfee, Spybot, Ad-ware, Spyware Blaster, Firefox, and Thunderbird. :tazz:

``````````````
  • 0

#21
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
hi policeman,

very good, looks great I dont see any malwares anymore. How is your browser, are you now able to open them successfully? I requested you to download certain programs to help me determine what and where is causing the errors in your browser.

if it still persist let us try this diagnosis:
Please download RootKitRevealer from here:
http://www.sysinternals.com/files/rootkitrevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.
  • 0

#22
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP