Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected with unknown virus/worm/rootkit

Started by poonchkin , Dec 09 2005 11:35 PM

  • Please log in to reply

#1
poonchkin
Posted 09 December 2005 - 11:35 PM

poonchkin

    New Member

  • Member
  • Pip
  • 6 posts
My computer has started having issues - it is obviously infected - but my McAfee is not finding it, ad-aware is not finding anything, etc.

I have followed the steps outlined above (before posting do this) - to the best of my ability. My computer is unable to connect to the internet at this point - so I have been unable to download the latest spybot search & destroy files -- and it is not wanting to run without that upload. :tazz: The initial internet fix was ran but no luck was found.

Behavior of my computer:
* Consumes all virtual memory -- the name of the most offending file changes - generally aoltsmon.exe. I can kill it and it will restart. I have also seen it be McShield.exe etc. I generally have about 15-20 minutes of computer time to run things before I am dead in the water due to the virtual memory issue
* Unable to get an internet connection
* Unable to boot in safe mode
* login accounts starting going into "lock" mode with the screen saver

I am at a loss as to what this is and how to get rid of it. McAfee won't find it when I scan in chunks - but it won't finish the entire directory at once. I have no problem paypalling for help here - as I am stumped and just do not want to give up and bring this into some geek squad or pay McAfee for fixing it...

Here is my Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 11:17:40 PM, on 12/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\Program Files\Comcast\BBClient\Programs\RegCon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\shared\mghtml.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\110375~1\EE\AOLHOS~1.EXE
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\PROGRA~1\COMMON~1\AOL\110375~1\EE\AOLServiceHost.exe
C:\phjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe"
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [SpyStopper] C:\Program Files\SpyStopper\spystopper.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103756240\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {322A8D6F-443C-4995-90A5-88E8C0432C12} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {57BE83A2-38B6-4384-AE3A-AA23D6DD7EA0} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {B7D0AABB-B8A3-4CCA-BD5A-0A10AB3F4C43} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash...ers/SAXFile.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...76/mcinsctl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,16/mcgdmgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks in advance! I so appreaciate it. $$

Paula
  • 0

Advertisements

#2
don77
Posted 09 December 2005 - 11:53 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Paula and welcome

aoltsmon.exe is part of AOL TopSpeed, for dial up users, I also see you have comcast, which are you using for internet access ?

I would like to have a look at what programs you have on your machine
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,

  • 0

#3
poonchkin
Posted 10 December 2005 - 09:58 PM

poonchkin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
:tazz:

Yep, I do have both AOL and Comcast on my system. I use comcast for my internet connection. The AOL is used solely for some personal email addresses that I monitor in the event of contact. Sorry for the delay in reply. I have to work on this when the kids go to bed.

I did some research into the AOLTSMON and did find a version that was not in the appropriate place. I deleted it and it came right back - with twice the virtual memory as the first time. If I felt this thing was just isolated to that - I would have no problem uninstalling AOL... I did test my AOL dialup and that is not working either at this point. I have a laptop from my work at home with me - so it is hooked up to my router and using that fine. I looked at the network data - Windows seems to think that the computer can talk to the router - but the router can't talk to the internet...

I did as you asked..
3D Groove Playback Engine
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL You've Got Pictures Screensaver
BCM V.92 56K Modem
BroadJump Client Foundation
Caillou's Kindergarten
CleanUp!
Clifford Phonics
CM BusinessMate
ComcastSUPPORT
Creative Memories Memory Manager
Cyberchase Carnival Chaos
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support 5.0.0 (766)
Disney's Winnie the Pooh Toddler
Dora Fairytale Adventure
DS21Patch
DVDSentry
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hoyle Kids Games 2 OEM
Image Transfer
ImageMixer for Sony
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
JumpStart Numbers
KODAK EASYSHARE Gallery Upload ActiveX Control
Learn2 Player (Uninstall Only)
Little People® Discovery Airport
Macromedia Shockwave Player
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Broadband Networking
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Excel 97
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2000 Small Business
Microsoft Publisher 98
Microsoft Windows Journal Viewer
Microsoft XML Parser and SDK
MicroStaff WINASPI
Modem Helper
MUSICMATCH® Jukebox
NVIDIA Windows 2000/XP Display Drivers
PowerDVD
Pure Networks Port Magic
QuickTime
RealOne Player
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Service Agent
Shockwave
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
Spybot - Search & Destroy 1.4
STOPzilla!
The Mystery of Veggie Island
Thomas Screensaver 2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Office 11
Zoboomafoo Creature Quest™
ZoneAlarm



THANK you so much! I will be on for quite a while tonight! You guys are angels!
Paula
  • 0

#4
don77
Posted 11 December 2005 - 12:23 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Paula,
Sorry had a little X-Mas party to go to last night :tazz:
Can you give me the location of where you found " AOLTSMON "


Did you Add Zone Alarm recently or McAfee ?
Looks like you have 2 firewalls running

McAfee Personal Firewall Plus

ZoneAlarm.

Lets make sure you don't have Windows fire wall on as well see here http://www.microsoft...rnmore/icf.mspx

I can see why the kids have to go to bed before you can work on it, Quite a few programs set up for them,
Are there any programs on the computer that they are not using anymore or anyone else is for that matter, Virtual memory lose can be increased by removing unused programs,

Are you using both dial up and the cable connection ?

Sorry just need to get a bit more information to get a better understanding of whats going on with your computer

Don
  • 0

#5
poonchkin
Posted 13 December 2005 - 09:21 PM

poonchkin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Don!

Thanks for the reply - no worries on the delay. Sorry for my delay - my computer started acting better Sunday night - I have been trying to figure out what is different - but couldn't see. Then yesterday night it was acting off again and didn't have my laptop to get to the internet.

Tonight it seems like it is back up again? This is weird...

I looked again and could not find the aoltsmon executable anywhere other than C:/Program Files/Common Files/AOL/TopSpeed/2.0 the exe and the dll are located there.

ZoneAlarm is back from February time period of 2004. I should just install it as I am not using it. The McAfee came with my system and that is what I primarily use (except privacy countrol).

My XP Firewall is turned off - I need to have it off to use my laptop's VPN to access my work's corporate network (I have never set up the VPN on my PC that is infected).

The only time I use the dial up is in the event that I have problems with my broadband connection. I haven't used it for months.

Besides stopzilla - which is a corrupted uninstall and I haven't cleaned up yet. Everything seems to be legit and used (zoneAlarm I have been debating turning off - but haven't as the old if its not broke... Well now it is broke.. Sigh...)

I would have no problem uninstalling AOL, etc -- but I am not seeing that that would necessarily gain anything.

Thanks for your help.. I will better keep you posted as to the behavior of the off and on. :tazz:
  • 0

#6
poonchkin
Posted 13 December 2005 - 09:45 PM

poonchkin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Don!

An update - as I dig through this tonight...
* I ran the Spybot Search & Destroy Sunday night and it didn't find anything - however I ran it tonight - no new updates - and this time it found two registry keys set to disable virus scanning and the firewall. I allowed it to set it up and clean it up.
* I am running the Ewido - it also found 2 infections... Let me finish the steps again and post more info before you waste anytime thinking on this. I will post more once I finish the steps.
  • 0

#7
poonchkin
Posted 14 December 2005 - 12:55 AM

poonchkin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ewido found 2 infections.. Spyware.Cookie.2o7 and Spyware.Cookie.Com
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:07:29 PM, 12/13/2005
+ Report-Checksum: CB4C3771

+ Scan result:

C:\Documents and Settings\Paula\Cookies\paula@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Paula\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup


::Report End


I also saved out the other options in case that was something interesting..

I ran the online scan of Panda ActiveScan - that also showed a spyware component was installed- but it was a low level search thing.

I was curious about the following in my Hijack This Log:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ce1.attbb.net

All the rest looked good. Do you want a new hijack this log file?

Thanks!
Paula
  • 0

#8
don77
Posted 14 December 2005 - 06:16 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Yes please post back a fresh HJT log please
Also, you are saying both zonealarm and McAfee firewall are running, we can clean up the stopzilla as well,

Actually can you post another log for me as well please

Download winpfind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to scart scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
  • 0

#9
poonchkin
Posted 14 December 2005 - 10:01 PM

poonchkin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Don!

I still am unable to start my computer in safe mode - it just keeps loading right to windows...

Here is the non-safe-mode winpfind log....
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/23/2001 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 12/8/2005 6:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 12/8/2005 6:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 1:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/14/2005 9:16:38 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
11/30/2005 10:17:10 PM S 21633 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 6:12:48 PM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
12/14/2005 9:22:12 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
12/14/2005 9:33:14 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
12/14/2005 9:26:46 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
12/14/2005 9:45:30 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
12/14/2005 9:45:30 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
12/14/2005 12:59:52 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
12/14/2005 12:57:28 AM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\f5d24b3d-fc97-4426-9d0e-b2081999fba3
12/14/2005 12:57:28 AM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred
11/22/2005 3:38:34 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\3b324b2f-1a7e-4edf-8530-6f3435410661
11/22/2005 3:38:34 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
12/14/2005 9:16:40 PM H 6 C:\WINDOWS\Tasks\SA.DAT
12/10/2005 10:57:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\5RW551V6\desktop.ini
12/10/2005 10:57:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H4264T8Y\desktop.ini
12/10/2005 10:57:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PC52P4VD\desktop.ini
12/10/2005 10:57:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\RYM5G816\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 6/3/2003 10:38:44 AM 94208 C:\WINDOWS\SYSTEM32\BCMSM.CPL
5/11/2001 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 1/7/2004 11:21:14 PM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 3/26/1998 7440 C:\WINDOWS\SYSTEM32\MLCFG32.CPL
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel® Corporation 3/11/2003 4:15:56 PM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\DLLCACHE\main.cpl
Microsoft Corporation 8/23/2001 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl
Microsoft Corporation 8/23/2001 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\DLLCACHE\nwc.cpl
Microsoft Corporation 8/23/2001 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
1/31/2004 9:36:28 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
6/7/2004 10:30:18 PM 715 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
12/14/2005 9:18:52 PM 2355 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
2/9/2004 4:45:24 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/31/2004 9:27:24 PM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 9:00:00 AM HS 84 C:\Documents and Settings\Paula\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 8:50:46 AM HS 62 C:\Documents and Settings\Paula\Application Data\DESKTOP.INI
2/3/2004 10:54:28 PM 0 C:\Documents and Settings\Paula\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} = c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
McBrwHelper Class = c:\program files\mcafee.com\mps\mcbrhlpr.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}
REALBAR =
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}
STOPzilla Browser Helper Object = C:\WINDOWS\System32\StopzillaBHO.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} = REALBAR :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} = REALBAR :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
BCMSMMSG BCMSMMSG.exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe
DVDSentry C:\WINDOWS\System32\DSentry.exe
PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
VSOCheckTask "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
VirusScan Online C:\Program Files\McAfee.com\VSO\mcvsshld.exe
MPSExe C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
SAClient "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
SAUpdate "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe"
ComcastSUPPORT C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
SpyStopper C:\Program Files\SpyStopper\spystopper.exe
STOPzilla "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
HostManager C:\Program Files\Common Files\AOL\1103756240\EE\AOLHostManager.exe
MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
OASClnt C:\Program Files\McAfee.com\VSO\oasclnt.exe
Pure Networks Port Magic "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sonic RecordNow!
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/14/2005 9:49:18 PM



Here is my Hijack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 9:57:49 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\110375~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\AOL\110375~1\EE\AOLServiceHost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\phjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe"
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [SpyStopper] C:\Program Files\SpyStopper\spystopper.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103756240\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {322A8D6F-443C-4995-90A5-88E8C0432C12} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {57BE83A2-38B6-4384-AE3A-AA23D6DD7EA0} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {B7D0AABB-B8A3-4CCA-BD5A-0A10AB3F4C43} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash...ers/SAXFile.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...76/mcinsctl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,16/mcgdmgr.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...645/mcfscan.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Here is my uninstall list...
3D Groove Playback Engine
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL You've Got Pictures Screensaver
BCM V.92 56K Modem
BroadJump Client Foundation
Caillou's Kindergarten
CleanUp!
Clifford Phonics
CM BusinessMate
ComcastSUPPORT
Creative Memories Memory Manager
Cyberchase Carnival Chaos
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support 5.0.0 (766)
Disney's Winnie the Pooh Toddler
Dora Fairytale Adventure
DS21Patch
DVDSentry
ewido security suite
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hoyle Kids Games 2 OEM
Image Transfer
ImageMixer for Sony
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
JumpStart Numbers
KODAK EASYSHARE Gallery Upload ActiveX Control
Learn2 Player (Uninstall Only)
Little People® Discovery Airport
Macromedia Shockwave Player
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Broadband Networking
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Excel 97
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2000 Small Business
Microsoft Publisher 98
Microsoft Windows Journal Viewer
Microsoft XML Parser and SDK
MicroStaff WINASPI
Modem Helper
MUSICMATCH® Jukebox
NVIDIA Windows 2000/XP Display Drivers
Panda ActiveScan
PowerDVD
Pure Networks Port Magic
QuickTime
RealOne Player
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Service Agent
Shockwave
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
Spybot - Search & Destroy 1.4
STOPzilla!
The Mystery of Veggie Island
TrojanHunter 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Office 11
Zoboomafoo Creature Quest™
ZoneAlarm
  • 0

#10
don77
Posted 15 December 2005 - 06:54 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
You have quite a few programs running at start up that we can cut back on to see if this will get rid of the low virtual memory issue,


Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O4 - HKLM\..\Run: [SpyStopper] C:\Program Files\SpyStopper\spystopper.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe


Close out HJT, ( Note: fixing the above entries will not remove the programs from your computer, they just wont be running at start up any longer, If needed we can restore them but you will still be able to manually run these programs if needed)

Go to Add/Remove programs and remove
ZoneAlarm, and see if we can remove this as well STOPzilla, Any other programs you see in there that you don't use any longer go ahead and remove those as well.


After removing the programs from Add/Remove it should ask you to restart your computer if it doesn't please restart manually, Post back a fresh HJT log and let me know if the computer seems to be running a bit better
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP