Piriform Community Forums: Hijack This LOG - Piriform Community Forums

Hijack This LOG Urgently need assistance, think I have a demon!

#1 moicarol

Posted 20 November 2006 - 01:40 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:33:50 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon........&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.hp.c...&...=all&c=q106
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Verizon\Verizon Internet Security Suite\FBHR.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Verizon Internet Security Suite] C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20278.www2....DataManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159376680546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - c:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

THIS SCAN WAS RUN IN SAFE MODE!!!

New HP Computer, been having problem after problem, IF I get one thing almost fixed, I get other errors, PLUS....seems to know when I am trying to get to any updates on anti-virus, etc. Messed up a lot of files, reg, etc. SOS PLZ!!!

#2 rridgely

Posted 20 November 2006 - 02:15 AM

Can you boot to normal mode?
Please, if you can, get a HijackThis log from normal mode.

#3 moicarol

Posted 21 November 2006 - 02:33 AM

rridgely, on Nov 19 2006, 09:15 PM, said:

Can you boot to normal mode?
Please, if you can, get a HijackThis log from normal mode.


Should have done that first (sorry), here it is:

Logfile of HijackThis v1.99.1
Scan saved at 9:30:00 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.hp.c...&...=all&c=q106
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - (no file)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20278.www2....DataManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159376680546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Unknown owner - c:\Program Files\Common Files\Command Software\dvpapi.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

#4 rridgely

Posted 21 November 2006 - 03:41 AM

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner.
  • Read and accept the Agreement.
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop. Close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.

#5 moicarol

Posted 21 November 2006 - 11:07 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 21, 2006 6:04:44 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 21/11/2006
Kaspersky Anti-Virus database records: 243722
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 138071
Number of viruses found: 2
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:34:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012006112120061122\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\vzbb.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\GEORGES.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{0194CF38-34BC-4478-93DF-286B5ABA9158}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E285CDA6-1C21-41B9-8CE1-8513B1B11FAE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_25c.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT05ff3.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT05ff6.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#6 rridgely

Posted 22 November 2006 - 12:11 AM

Nicely done. :)

Find and delete this file:

C:\WINDOWS\Downloaded Program Files\vzbb.dll <-FILE

After that run the below scan and post the log.

Download AVG Anti-Spyware
  • Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top and then click on Complete System Scan.
  • Ewido will list any infections found on the left. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG antispyware will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back.
Note that this is not AVG antivirus but the program formerly known as Ewido.

#7 moicarol

Posted 23 November 2006 - 01:15 AM

Good evening, Sorry I took so long with this. I had to dig and dig, and finally I came up with a file in a registry editor file ... vzbb.dll Nothing indicating anything as C program files etc. Also, found Adware.Megasearch and deleted. Still stuff hiding but running better. I am scanning again right now dll files only. Found the 2, I deleted. Still will not install automatic updates. I am including both copies for your review. Please advise. Thank you so much for your help. -Carol

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:59:17 AM 11/22/2006

+ Scan result:



C:\WINDOWS\Downloaded Program Files\vzbb.dll -> Adware.MegaSearch : No action taken.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP7\A0013408.exe -> Heuristic.Win32.Dialer : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@news.com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-kasperskylab.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-kasperskylab.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-reed.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.


::Report end

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:00:21 PM 11/22/2006

+ Scan result:



C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.


::Report end






#8 rridgely

Posted 23 November 2006 - 03:35 AM

Post a new HijackThis log.
I assume you removed the file?

#9 moicarol

Posted 23 November 2006 - 11:49 PM

There seems to be stuff that I thought I had deleted (EBay, etc.). Here's the log. I am having issues installing win updates still. Thanx again! Regards -Carol

Logfile of HijackThis v1.99.1
Scan saved at 6:44:01 PM, on 11/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.hp.c...&...=all&c=q106
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - (no file)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20278.www2....DataManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159376680546
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Unknown owner - c:\Program Files\Common Files\Command Software\dvpapi.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

#10 User is offline   rridgely 


Posted 24 November 2006 - 12:35 AM

I want you to run one more virus scan. Follow the directions below:

Run BitDefender Online Scanner
  • Using Internet Explorer, please go HERE to run BitDefender's Online scan.
  • Read the terms and then click I Agree
  • You may receive a Security Warning about the BitDefender ActiveX control. If you do, please allow it to install.
  • On the Scanning Options screen, press Click Here To Scan and then follow the on-screen prompts.
  • Once BitDefender is finished scanning your computer, it will automatically remove the infections. Once the removal process is finished, press the close button and a dialog box will appear asking if you want to send your scan log back to the makers of BitDefender. You do not have to do this, but what you do want to do is press the button that says "view log" and then copy and paste that log into Notepad and save it to your desktop as bitdefender.txt.
  • Reboot your computer

MAKE SURE YOU REBOOT.
--------------
After the reboot do this:

Download this file:
http://djlizard.net/...-v0.60.0.24.zip

Unzip it and then open up Dial-a-fix. Once it's open, look at the bottom of the program and click the green checkmark. All of the boxes should now be checked. Then press go and just let Dial-a-fix do its thing. Once it's finished, reboot.

After you boot back up, come back and post the BitDefender scan report. Also try to connect to Windows Update again and see if that works.
Good luck and let me know how it goes.

#11 User is offline   moicarol 


Posted 25 November 2006 - 01:13 AM

rridgely, on Nov 23 2006, 07:35 PM, said:

I want you to run one more virus scan. Follow the directions below:

Run BitDefender Online Scanner
  • Using Internet Explorer, please go HERE to run BitDefender's Online scan.
  • Read the terms and then click I Agree
  • You may receive a Security Warning about the BitDefender ActiveX control. If you do, please allow it to install.
  • On the Scanning Options screen, press Click Here To Scan and then follow the on-screen prompts.
  • Once BitDefender is finished scanning your computer, it will automatically remove the infections. Once the removal process is finished, press the close button and a dialog box will appear asking if you want to send your scan log back to the makers of BitDefender. You do not have to do this, but what you do want to do is press the button that says "view log" and then copy and paste that log into Notepad and save it to your desktop as bitdefender.txt.
  • Reboot your computer
MAKE SURE YOU REBOOT.
--------------

Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 2
IE version: 7.0.5730.11
MPC: 76487-OEM
CPU: AMD Athlon™ 64 X2 Dual Core Processor 3800+ (~1000MHz)
CPU: CPU is 64-bit or has 64-bit extensions
CPU: 2 CPU cores present
BIOS: 6/23/2006
Memory (approx): 958MB
Uptime: 0 hour(s)
Current directory: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\6ZYKD6QC\Dial-a-fix-v0.60.0.24[1]\Dial-a-fix-v0.60.0.24
---

11/24/2006 12:15:17 AM -- Dial-a-fix : [v0.60.0.24] -- started
12:15:17 AM | Policy scan started
12:15:17 AM | Policy scan ended - no restrictive policies were found
--- Emptying temp folders ---
12:15:28 AM | Deleting C:\Documents and Settings\HP_Administrator\Local Settings\Temp...
12:15:28 AM | C:\Documents and Settings\HP_Administrator\Local Settings\Temp could not be completely emptied, please reboot and try again
12:15:28 AM | Deleting C:\WINDOWS\temp...
12:15:29 AM | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
12:15:29 AM | Deleting C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp...
12:15:29 AM | C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp could not be completely emptied, please reboot and try again
--- MSI ---
12:15:45 AM | Registered: C:\WINDOWS\system32\msi.dll
--- MSI ---
12:15:53 AM | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
12:16:06 AM | Unregistered: C:\WINDOWS\system32\msxml.dll
12:16:06 AM | Registered: C:\WINDOWS\system32\msxml.dll
12:16:07 AM | Unregistered: C:\WINDOWS\system32\msxml2.dll
12:16:07 AM | Registered: C:\WINDOWS\system32\msxml2.dll
12:16:08 AM | Unregistered: C:\WINDOWS\system32\msxml3.dll
12:16:08 AM | Registered: C:\WINDOWS\system32\msxml3.dll
12:16:08 AM | Unregistered: C:\WINDOWS\system32\msxml4.dll
12:16:09 AM | Registered: C:\WINDOWS\system32\msxml4.dll
12:16:09 AM | Unregistered: C:\WINDOWS\system32\qmgr.dll
12:16:09 AM | Registered: C:\WINDOWS\system32\qmgr.dll
12:16:09 AM | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
12:16:09 AM | Registered: C:\WINDOWS\system32\qmgrprxy.dll
12:16:09 AM | Unregistered: C:\WINDOWS\system32\muweb.dll
12:16:09 AM | Registered: C:\WINDOWS\system32\muweb.dll
12:16:09 AM | Unregistered: C:\WINDOWS\system32\winhttp.dll
12:16:09 AM | Registered: C:\WINDOWS\system32\winhttp.dll
12:16:09 AM | Registered: C:\WINDOWS\system32\wuapi.dll
12:16:09 AM | Unregistered: C:\WINDOWS\system32\wuaueng.dll
12:16:10 AM | Registered: C:\WINDOWS\system32\wuaueng.dll
12:16:10 AM | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
12:16:10 AM | Registered: C:\WINDOWS\system32\wuaueng1.dll
12:16:10 AM | Unregistered: C:\WINDOWS\system32\wucltui.dll
12:16:10 AM | Registered: C:\WINDOWS\system32\wucltui.dll
12:16:10 AM | Unregistered: C:\WINDOWS\system32\wups.dll
12:16:10 AM | Registered: C:\WINDOWS\system32\wups.dll
12:16:10 AM | Unregistered: C:\WINDOWS\system32\wups2.dll
12:16:10 AM | Registered: C:\WINDOWS\system32\wups2.dll
12:16:10 AM | Unregistered: C:\WINDOWS\system32\wuweb.dll
12:16:10 AM | Registered: C:\WINDOWS\system32\wuweb.dll
12:16:10 AM | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
12:16:23 AM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
12:16:27 AM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
12:16:27 AM | Registered: C:\WINDOWS\system32\cryptdlg.dll
12:16:27 AM | Unregistered: C:\WINDOWS\system32\cryptui.dll
12:16:27 AM | Registered: C:\WINDOWS\system32\cryptui.dll
12:16:27 AM | Unregistered: C:\WINDOWS\system32\cryptext.dll
12:16:28 AM | Registered: C:\WINDOWS\system32\cryptext.dll
12:16:28 AM | Unregistered: C:\WINDOWS\system32\dssenh.dll
12:16:28 AM | Registered: C:\WINDOWS\system32\dssenh.dll
12:16:28 AM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
12:16:28 AM | Registered: C:\WINDOWS\system32\gpkcsp.dll
12:16:28 AM | Unregistered: C:\WINDOWS\system32\initpki.dll
12:17:00 AM | Registered: C:\WINDOWS\system32\initpki.dll
12:17:00 AM | Unregistered: C:\WINDOWS\system32\licdll.dll
12:17:00 AM | Registered: C:\WINDOWS\system32\licdll.dll
12:17:00 AM | Unregistered: C:\WINDOWS\system32\mssign32.dll
12:17:00 AM | Registered: C:\WINDOWS\system32\mssign32.dll
12:17:00 AM | Unregistered: C:\WINDOWS\system32\mssip32.dll
12:17:00 AM | Registered: C:\WINDOWS\system32\mssip32.dll
12:17:00 AM | Unregistered: C:\WINDOWS\system32\scardssp.dll
12:17:00 AM | Registered: C:\WINDOWS\system32\scardssp.dll
12:17:00 AM | Unregistered: C:\WINDOWS\system32\sccbase.dll
12:17:00 AM | Registered: C:\WINDOWS\system32\sccbase.dll
12:17:00 AM | Unregistered: C:\WINDOWS\system32\scecli.dll
12:17:00 AM | Registered: C:\WINDOWS\system32\scecli.dll
12:17:00 AM | Unregistered: C:\WINDOWS\system32\softpub.dll
12:17:00 AM | Registered: C:\WINDOWS\system32\softpub.dll
12:17:00 AM | Unregistered: C:\WINDOWS\system32\slbcsp.dll
12:17:00 AM | Registered: C:\WINDOWS\system32\slbcsp.dll
12:17:00 AM | Unregistered: C:\WINDOWS\system32\regwizc.dll
12:17:00 AM | Registered: C:\WINDOWS\system32\regwizc.dll
12:17:00 AM | Unregistered: C:\WINDOWS\system32\rsaenh.dll
12:17:01 AM | Registered: C:\WINDOWS\system32\rsaenh.dll
12:17:01 AM | Unregistered: C:\WINDOWS\system32\winhttp.dll
12:17:01 AM | Registered: C:\WINDOWS\system32\winhttp.dll
12:17:01 AM | Unregistered: C:\WINDOWS\system32\wintrust.dll
12:17:01 AM | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: Programming cores/runtimes ---
12:17:01 AM | Registered: C:\WINDOWS\system32\atl.dll
12:17:01 AM | Registered: C:\WINDOWS\system32\corpol.dll
12:17:01 AM | Registered: C:\WINDOWS\system32\jscript.dll
12:17:01 AM | Registered: C:\WINDOWS\system32\dispex.dll
12:17:01 AM | Registered: C:\WINDOWS\system32\scrrun.dll
12:17:01 AM | Registered: C:\WINDOWS\system32\scrobj.dll
12:17:01 AM | Registered: C:\WINDOWS\system32\vbscript.dll
12:17:01 AM | Registered: C:\WINDOWS\system32\wshext.dll
--- SSL/HTTPS/Cryptography ---
12:17:42 AM | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
12:17:47 AM | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
12:17:47 AM | Registered: C:\WINDOWS\system32\cryptdlg.dll
12:17:47 AM | Unregistered: C:\WINDOWS\system32\cryptui.dll
12:17:47 AM | Registered: C:\WINDOWS\system32\cryptui.dll
12:17:47 AM | Unregistered: C:\WINDOWS\system32\cryptext.dll
12:17:47 AM | Registered: C:\WINDOWS\system32\cryptext.dll
12:17:47 AM | Unregistered: C:\WINDOWS\system32\dssenh.dll
12:17:47 AM | Registered: C:\WINDOWS\system32\dssenh.dll
12:17:47 AM | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
12:17:47 AM | Registered: C:\WINDOWS\system32\gpkcsp.dll
12:17:48 AM | Unregistered: C:\WINDOWS\system32\initpki.dll
12:17:48 AM | Registered: C:\WINDOWS\system32\initpki.dll
12:17:48 AM | Unregistered: C:\WINDOWS\system32\licdll.dll
12:17:48 AM | Registered: C:\WINDOWS\system32\licdll.dll
12:17:49 AM | Unregistered: C:\WINDOWS\system32\mssign32.dll
12:17:49 AM | Registered: C:\WINDOWS\system32\mssign32.dll
12:17:49 AM | Unregistered: C:\WINDOWS\system32\mssip32.dll
12:17:49 AM | Registered: C:\WINDOWS\system32\mssip32.dll
12:17:49 AM | Unregistered: C:\WINDOWS\system32\scardssp.dll
12:17:49 AM | Registered: C:\WINDOWS\system32\scardssp.dll
12:17:49 AM | Unregistered: C:\WINDOWS\system32\sccbase.dll
12:17:49 AM | Registered: C:\WINDOWS\system32\sccbase.dll
12:17:49 AM | Unregistered: C:\WINDOWS\system32\scecli.dll
12:17:49 AM | Registered: C:\WINDOWS\system32\scecli.dll
12:17:49 AM | Unregistered: C:\WINDOWS\system32\softpub.dll
12:17:49 AM | Registered: C:\WINDOWS\system32\softpub.dll
12:17:49 AM | Unregistered: C:\WINDOWS\system32\slbcsp.dll
12:17:49 AM | Registered: C:\WINDOWS\system32\slbcsp.dll
12:17:49 AM | Unregistered: C:\WINDOWS\system32\regwizc.dll
12:17:49 AM | Registered: C:\WINDOWS\system32\regwizc.dll
12:17:49 AM | Unregistered: C:\WINDOWS\system32\rsaenh.dll
12:17:49 AM | Registered: C:\WINDOWS\system32\rsaenh.dll
12:17:49 AM | Unregistered: C:\WINDOWS\system32\winhttp.dll
12:17:49 AM | Registered: C:\WINDOWS\system32\winhttp.dll
12:17:49 AM | Unregistered: C:\WINDOWS\system32\wintrust.dll
12:17:50 AM | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
12:18:06 AM | Registered: C:\WINDOWS\system32\acelpdec.ax
12:18:06 AM | Registered: C:\WINDOWS\system32\actxprxy.dll
12:18:06 AM | Registered: C:\WINDOWS\system32\asctrls.ocx
12:18:06 AM | Registered: C:\WINDOWS\system32\daxctle.ocx
12:18:06 AM | Registered: C:\WINDOWS\system32\hhctrl.ocx
12:18:06 AM | Registered: C:\WINDOWS\system32\l3codecx.ax
12:18:06 AM | Registered: C:\WINDOWS\system32\licmgr10.dll
12:18:06 AM | Registered: C:\WINDOWS\system32\mpg4ds32.ax
12:18:08 AM | Registered: C:\WINDOWS\system32\msdxm.ocx
12:18:08 AM | Registered: C:\WINDOWS\system32\proctexe.ocx
12:18:08 AM | Registered: C:\WINDOWS\system32\tdc.ocx
12:18:08 AM | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
12:18:09 AM | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
12:18:09 AM | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
12:18:09 AM | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
12:18:09 AM | Registered: C:\WINDOWS\system32\quartz.dll
12:18:09 AM | Registered: C:\WINDOWS\system32\danim.dll
12:18:09 AM | Registered: C:\WINDOWS\system32\dmscript.dll
12:18:09 AM | Registered: C:\WINDOWS\system32\dmstyle.dll
12:18:09 AM | Registered: C:\WINDOWS\system32\dxmasf.dll
12:18:09 AM | Registered: C:\WINDOWS\system32\dxtmsft.dll
12:18:09 AM | Registered: C:\WINDOWS\system32\dxtrans.dll
12:18:09 AM | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
12:18:09 AM | Registered: C:\WINDOWS\system32\atl.dll
12:18:09 AM | Registered: C:\WINDOWS\system32\corpol.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\jscript.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\dispex.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\scrrun.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\scrobj.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\vbscript.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
12:18:10 AM | Registered: C:\WINDOWS\system32\activeds.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\audiodev.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\browsewm.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\cabview.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\cdfview.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\clbcatex.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\clbcatq.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\comcat.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\cscui.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\credui.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\datime.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\devmgr.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\dfsshlex.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\dmdlgs.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\dmdskmgr.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\dmloader.dll
12:18:10 AM | Registered: C:\WINDOWS\system32\dmocx.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\dmview.ocx
12:18:11 AM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\dsuiext.dll
12:18:11 AM | DllInstalled: C:\WINDOWS\system32\dsquery.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\dsquery.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\dskquoui.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\els.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\es.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\fontext.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\hlink.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\hnetcfg.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\iedkcs32.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\iepeers.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\ils.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\inetcfg.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\inetcomm.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\laprxy.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\lmrt.dll
12:18:11 AM | Registered: C:\WINDOWS\system32\mlang.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\mmcndmgr.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\mmcshext.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\mscoree.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\mshtmled.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\msoeacct.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\msr2c.dll
12:18:12 AM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\mydocs.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\mstime.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\netcfgx.dll
12:18:12 AM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\netplwiz.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\netman.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\netshell.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\ntmsevt.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\ntmsmgr.dll
12:18:12 AM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\ntmssvc.dll
12:18:12 AM | DllInstalled: C:\WINDOWS\system32\occache.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\occache.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\ole32.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\oleaut32.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\oleacc.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\olepro32.dll
12:18:12 AM | DllInstalled: C:\WINDOWS\system32\photowiz.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\photowiz.dll
12:18:12 AM | Registered: C:\WINDOWS\system32\remotepg.dll
12:18:13 AM | Registered: C:\WINDOWS\system32\rpcrt4.dll
12:18:13 AM | Registered: C:\WINDOWS\system32\rshx32.dll
12:18:13 AM | Registered: C:\WINDOWS\system32\sendmail.dll
12:18:13 AM | Registered: C:\WINDOWS\system32\slayerxp.dll
12:18:13 AM | Registered: C:\WINDOWS\system32\shell32.dll
12:18:16 AM | DllInstalled: C:\WINDOWS\system32\shell32.dll
12:18:16 AM | Registered: C:\WINDOWS\system32\shmedia.dll
12:18:16 AM | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
12:18:16 AM | Registered: C:\WINDOWS\system32\shimgvw.dll
12:18:16 AM | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
12:18:16 AM | Registered: C:\WINDOWS\system32\shsvcs.dll
12:19:43 AM | Error 126 while calling LoadLibrary(C:\WINDOWS\system32\srclient.dll). The error text is: The specified module could not be found.
. The file version is: 5.1.2600.2180
12:19:43 AM | Unregistered: C:\WINDOWS\system32\stobject.dll
12:19:43 AM | Registered: C:\WINDOWS\system32\stobject.dll
12:19:43 AM | Registered: C:\WINDOWS\system32\twext.dll
12:19:43 AM | DllInstalled: C:\WINDOWS\system32\urlmon.dll
12:19:43 AM | Registered: C:\WINDOWS\system32\urlmon.dll
12:19:43 AM | Registered: C:\WINDOWS\system32\userenv.dll
12:19:43 AM | Registered: C:\WINDOWS\system32\winhttp.dll
12:19:43 AM | DllInstalled: C:\WINDOWS\system32\wininet.dll
12:19:44 AM | Registered: C:\WINDOWS\system32\zipfldr.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll
12:19:44 AM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
12:19:45 AM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
12:19:45 AM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
12:19:45 AM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
12:19:45 AM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll



After the reboot do this:

Download this file:
http://djlizard.net/...-v0.60.0.24.zip

Unzip it and then open up Dial-a-fix. Once it's open, look at the bottom of the program and click the green checkmark. All of the boxes should now be checked. Then press go and just let Dial-a-fix do its thing. Once it's finished, reboot.

After you boot back up, come back and post the BitDefender scan report. Also try to connect to Windows Update again and see if that works.
Good luck and let me know how it goes.


#12 User is offline   rridgely 


Posted 25 November 2006 - 04:38 AM

Are Windows updates working now?

#13 User is offline   moicarol 


Posted 25 November 2006 - 06:06 AM

YES! Seems to be working fine. I still appear to have issues with some of the files though. Just wanted to let you know that, after working forever with HP support (nice people, but limited on suggestions) and Verizon's "tech-wanna-bees", you were the only successful and very best tech support I received. Thank you so much. I need to kick up some more of the smaller (hopefully) issues and will get back tomorrow. Regards -Carol

#14 User is offline   rridgely 

  • I hate computers
  • Icon
  • Group: Moderators
  • Posts: 8,736
  • Joined: 12-April 05
  • Gender:Male

Posted 25 November 2006 - 02:14 PM

Awesome, I'm glad it's working now. :D
If you need any help with the other issues let us know.
0

#15 User is offline   rridgely 

  • I hate computers
  • Group: Moderators
  • Posts: 8,736
  • Joined: 12-April 05
  • Gender:Male

Posted 25 November 2006 - 09:41 PM

I just got a response from the maker of dial a fix.
When the program returned that error log it could mean that your system restore will not function (which obviously isn't a good thing).

To fix system restore, open dial a fix and go to the tools section. Then scroll down to the reinstall system restore and press go. After it's done, reboot if it doesn't ask you to.

After the reboot, run dial a fix the way you did before (green checkmarks then go) and see if it still has any errors.
0

#16 User is offline   moicarol 

  • Advanced Member
  • Group: Members
  • Posts: 50
  • Joined: 19-November 06

Posted 26 November 2006 - 01:35 AM

ok....I tried to apply the dial a fix as instructed, and it would not run! I was asked to insert my WIN Pro CD, which I do not have; it was not supplied. I got in touch with HP Tech, who is instructing me to do a destructive restoration, because my run32.dll app is also not running correctly. This whole thing is really creeping me out, do u suppose a hacker could have gotten in? How could I find out? -Carol
0

#17 User is offline   rridgely 

  • I hate computers
  • Group: Moderators
  • Posts: 8,736
  • Joined: 12-April 05
  • Gender:Male

Posted 26 November 2006 - 01:44 AM

If you have backups of everything you can just reformat (which is what the tech on the phone is telling you). Just know that you will lose everything.

How old is the computer? If it's a relatively new HP PC then you should have a recovery partition. I can tell you how to use it if you want but I'm sure the tech is helping you. If you're having tons of issues then it's probably quicker and easier to just reformat.

It's not that you've been hacked but you have just been infected with adware/spyware. After you get the PC back to new conditions (after the reformat it will be like you just opened the box) come back here and I will show you some ways to keep this from happening in the future. (Don't let that tech sell you anything. :P)
0

#18 User is offline   moicarol 

  • Advanced Member
  • Group: Members
  • Posts: 50
  • Joined: 19-November 06

Posted 26 November 2006 - 02:14 AM

Nope, I am a hard sell.

Got an answer from Michael at dial a fix, he said "wow that's a new one". When I tried the reinstallation of system restore, the blue box came up to "insert winxp disc". My husband thinks I'm nuts, but so what?!!!! I want to know what this thing is! Here is a new report:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:07 PM, on 11/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.hp.c...&...=all&c=q106
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - (no file)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20278.www2....DataManager.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159376680546
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
0
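An added example, not part of the original posts: a small parser for the HijackThis log format posted above that groups entries by section code and lists the ones HijackThis marked `(no file)` or `(file missing)`. The function names are this example's own, the section descriptions follow HijackThis's usual naming, and the sample is an excerpt of the log in this thread.

```python
import re
from collections import Counter

# Excerpt of the HijackThis v1.99.1 log posted above, embedded so this runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
"""

# Section codes that occur in this thread's logs.
SECTIONS = {
    "R": "IE start/search page URLs",
    "O2": "Browser Helper Objects",
    "O3": "IE toolbars",
    "O4": "Autostart entries (Run keys)",
    "O8": "Extra IE context menu items",
    "O9": "Extra IE buttons / Tools menu items",
    "O15": "Trusted Zone sites",
    "O16": "ActiveX objects (Downloaded Program Files)",
    "O18": "Extra protocols",
    "O23": "Services",
}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")

def parse_log(text):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m.groups()
            key = "R" if code.startswith("R") else code
            entries.append({"code": code, "section": SECTIONS.get(key, "other"),
                            "body": body, "orphan": bool(ORPHAN_RE.search(body))})
    return entries

def section_counts(entries):
    """Number of entries per section code."""
    return dict(Counter(e["code"] for e in entries))

def orphaned(entries):
    """Entries whose registry data points at a file HijackThis could not find."""
    return [e for e in entries if e["orphan"]]
```

An orphaned entry means the registry still references a file that is not on disk; it is a cleanup candidate to review, not by itself a sign of infection.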

#19 User is offline   rridgely 

  • I hate computers
  • Group: Moderators
  • Posts: 8,736
  • Joined: 12-April 05
  • Gender:Male

Posted 26 November 2006 - 02:42 AM

Open dial a fix and go to tools.
Do both SFC Scan and SFC purge. Then run the green arrow part of dial a fix again and see if it spits out an error log again.

I didn't know you didn't have an xp disc.
------------------------------------------------

I'm assuming Michael is either the person from HP or your husband? Anyway dial fix is a tool that's used to fix common Windows errors. The author of the tool used to visit this forum. Here is the official site for it:
http://wiki.djlizard.net/Dial-a-fix
-----------

The last hijackthis log looks fine. I think the damage was done either by some sort of spyware or have you used any registry cleaners lately?

So what do you plan to do?
Are you going to reformat the computer (what the HP tech was telling you), or do you want to try something else? (What I posted at the top of this post very well may solve your problems.)

Try making a new restore point after running the sections of dial a fix I said. To make new points do this:

Click Start Menu > All Programs > Accessories > System Tools > SystemRestore

Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.
0

#20 User is offline   moicarol 

  • Advanced Member
  • Group: Members
  • Posts: 50
  • Joined: 19-November 06

Posted 26 November 2006 - 02:58 AM

Michael is the tech from Dial-a-Fix. My PC is saying that system re is not there or corrupted! When I tried their (D-a-Fx) app, it was asking for my installation CDs, which this PC did not come with. However, I did just purchase the "recovery discs", which according to the HP tech, is all the info needed. I will do whatever is necessary to fix all of this, but am being cautious this time! Thanx...Carol
0
