
View Full Version : Unknown computer problem...infection?



Leprkon
2008-01-17, 01:43
I have no idea if this is an infection or not. The problem began right after I installed iTunes. I would run certain programs and the computer would stop responding and the monitor would go blank, as if it had stopped receiving a signal from the computer. At first, the problem only occurred when I tried adding a movie to my iPod, but later on I found out that some instances of JavaScript use would initiate the problem as well.
Thinking that the problem was iTunes, I uninstalled it. This didn't help (maybe there are some registry entries still in my system). I then proceeded to my next resource, System Restore; but this was not an option, seeing as how, even though System Restore was turned on, none of my previous restore points were present.

Oh, and one more question: would doing a format and a re-installation of Windows XP be wise in this situation?

Below I have posted a HJT and Kaspersky log.
--------------------------------------------

HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:34 PM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\XWatDog.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Logitech\Video\LogiTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LVComS.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\skanneri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - D:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - D:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [XGIWatchDog] XWatDog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - D:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - D:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7324 bytes

Leprkon
2008-01-17, 01:44
Kaspersky
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 16, 2008 6:41:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/01/2008
Kaspersky Anti-Virus database records: 513295
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
D:\

Scan Statistics:
Total number of scanned objects: 48643
Number of viruses found: 27
Number of infected objects: 70
Number of suspicious objects: 0
Duration of the scan process: 00:56:30

Infected Object Name / Virus Name / Last Action
D:\avenger\backup.zip/avenger/wuauclt.exe Infected: Trojan-Downloader.Win32.Delf.che skipped
D:\avenger\backup.zip ZIP: infected - 1 skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Desktop\New Folder (2)\New Folder\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped
D:\Documents and Settings\Tsurugi Kyo\Desktop\New Folder (2)\vdownloader.zip/VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped
D:\Documents and Settings\Tsurugi Kyo\Desktop\New Folder (2)\vdownloader.zip ZIP: infected - 1 skipped
D:\Documents and Settings\Tsurugi Kyo\DoctorWeb\Quarantine\OUATVVBA.NQF Infected: not-a-virus:AdWare.Win32.Mirar.i skipped
D:\Documents and Settings\Tsurugi Kyo\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Local Settings\Temp\hpodvd09.log Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Local Settings\Temp\rasesnet.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bxh skipped
D:\Documents and Settings\Tsurugi Kyo\Local Settings\Temp\~DF4CA5.tmp Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Local Settings\Temp\~DF8675.tmp Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Local Settings\Temp\~DFC303.tmp Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\My Documents\Downloaded Stuff\Blaze Media Pro 7.1.0.0 + Crack.rar/Blaze Media Pro 7.1.0.0 + Crack/Blaze Media Pro 7.1.0.0.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
D:\Documents and Settings\Tsurugi Kyo\My Documents\Downloaded Stuff\Blaze Media Pro 7.1.0.0 + Crack.rar/Blaze Media Pro 7.1.0.0 + Crack/Crack/BMP.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
D:\Documents and Settings\Tsurugi Kyo\My Documents\Downloaded Stuff\Blaze Media Pro 7.1.0.0 + Crack.rar RAR: infected - 2 skipped
D:\Documents and Settings\Tsurugi Kyo\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\Tsurugi Kyo\ntuser.dat.LOG Object is locked skipped
D:\Program Files\Eset\cache\CACHE.NDB Object is locked skipped
D:\Program Files\Eset\infected\0THBPIDA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
D:\Program Files\Eset\infected\0THBPIDA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
D:\Program Files\Eset\infected\0THBPIDA.NQF NSIS: infected - 2 skipped
D:\Program Files\Eset\infected\0THBPIDA.NQF PE-Crypt.XorPE: infected - 2 skipped
D:\Program Files\Eset\infected\BARCJBCA.NQF/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
D:\Program Files\Eset\infected\BARCJBCA.NQF NSIS: infected - 1 skipped
D:\Program Files\Eset\infected\BARCJBCA.NQF PE-Crypt.XorPE: infected - 1 skipped
D:\Program Files\Eset\infected\BH30WACA.NQF/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
D:\Program Files\Eset\infected\BH30WACA.NQF NSIS: infected - 1 skipped
D:\Program Files\Eset\infected\BH30WACA.NQF PE-Crypt.XorPE: infected - 1 skipped
D:\Program Files\Eset\infected\BPJ4EFCA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
D:\Program Files\Eset\infected\BPJ4EFCA.NQF NSIS: infected - 1 skipped
D:\Program Files\Eset\infected\BPJ4EFCA.NQF PE-Crypt.XorPE: infected - 1 skipped
D:\Program Files\Eset\infected\E4HWG1BA.NQF Infected: Trojan-PSW.Win32.WOW.zf skipped
D:\Program Files\Eset\infected\FC4QL0CA.NQF Infected: Trojan-Dropper.Win32.Delf.xo skipped
D:\Program Files\Eset\infected\G1PR1SBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
D:\Program Files\Eset\infected\G1PR1SBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
D:\Program Files\Eset\infected\G1PR1SBA.NQF NSIS: infected - 2 skipped
D:\Program Files\Eset\infected\G1PR1SBA.NQF PE-Crypt.XorPE: infected - 2 skipped
D:\Program Files\Eset\infected\HSMLBIAA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
D:\Program Files\Eset\infected\HSMLBIAA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
D:\Program Files\Eset\infected\HSMLBIAA.NQF NSIS: infected - 2 skipped
D:\Program Files\Eset\infected\HSMLBIAA.NQF PE-Crypt.XorPE: infected - 2 skipped
D:\Program Files\Eset\infected\JQUTFOBA.NQF Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
D:\Program Files\Eset\infected\KW22GZDA.NQF/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
D:\Program Files\Eset\infected\KW22GZDA.NQF NSIS: infected - 1 skipped
D:\Program Files\Eset\infected\KW22GZDA.NQF PE-Crypt.XorPE: infected - 1 skipped
D:\Program Files\Eset\infected\LHAN0YCA.NQF/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
D:\Program Files\Eset\infected\LHAN0YCA.NQF NSIS: infected - 1 skipped
D:\Program Files\Eset\infected\LHAN0YCA.NQF PE-Crypt.XorPE: infected - 1 skipped
D:\Program Files\Eset\infected\MEHCHNAA.NQF Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
D:\Program Files\Eset\infected\N4O4QFAA.NQF Infected: Trojan-Downloader.Win32.Delf.che skipped
D:\Program Files\Eset\infected\OB3QFKDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.byj skipped
D:\Program Files\Eset\infected\PGWO2DBA.NQF/data0002/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped
D:\Program Files\Eset\infected\PGWO2DBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped
D:\Program Files\Eset\infected\PGWO2DBA.NQF/data0003 Infected: Trojan-Downloader.Win32.Small.eqn skipped
D:\Program Files\Eset\infected\PGWO2DBA.NQF/data0004 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
D:\Program Files\Eset\infected\PGWO2DBA.NQF/data0005 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
D:\Program Files\Eset\infected\PGWO2DBA.NQF/data0006 Infected: Trojan-Dropper.Win32.Agent.mu skipped
D:\Program Files\Eset\infected\PGWO2DBA.NQF NSIS: infected - 6 skipped
D:\Program Files\Eset\infected\PGWO2DBA.NQF PE-Crypt.XorPE: infected - 6 skipped
D:\Program Files\Eset\infected\PKVGVNAA.NQF/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
D:\Program Files\Eset\infected\PKVGVNAA.NQF/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
D:\Program Files\Eset\infected\PKVGVNAA.NQF/stream Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
D:\Program Files\Eset\infected\PKVGVNAA.NQF NSIS: infected - 3 skipped
D:\Program Files\Eset\infected\PKVGVNAA.NQF PE-Crypt.XorPE: infected - 3 skipped
D:\Program Files\Eset\infected\PM4IGNDA.NQF/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
D:\Program Files\Eset\infected\PM4IGNDA.NQF NSIS: infected - 1 skipped
D:\Program Files\Eset\infected\PM4IGNDA.NQF PE-Crypt.XorPE: infected - 1 skipped
D:\Program Files\Eset\infected\SQ3YNTBA.NQF Infected: Trojan-Dropper.Win32.Delf.xo skipped
D:\Program Files\Eset\infected\TDFXBBAA.NQF Infected: Trojan-Proxy.Win32.Agent.kj skipped
D:\Program Files\Eset\logs\virlog.dat Object is locked skipped
D:\Program Files\Eset\logs\warnlog.dat Object is locked skipped
D:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\chandir.dat Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\chandir.idx Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\chn.dat Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\chn.idx Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\D0000000.FCS Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\inuse.txt Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\L0000002.FCS Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\main.log Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\prs.dat Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\prs.idx Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\prs_die.dat Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\prs_die.idx Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\prs_dnd.dat Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\prs_dnd.idx Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\prs_ext.dat Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\prs_ext.idx Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\prs_rcv.dat Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\prs_rcv.idx Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\storydb.dat Object is locked skipped
D:\Program Files\Logitech\Desktop Messenger\8876480\Users\Tsurugi Kyo\Data\storydb.idx Object is locked skipped
D:\qoobox\Quarantine\catchme2007-11-12_221759.20.zip/ssqro.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.agg skipped
D:\qoobox\Quarantine\catchme2007-11-12_221759.20.zip ZIP: infected - 1 skipped
D:\qoobox\Quarantine\catchme2007-11-14_154420.03.zip/ssttt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apq skipped
D:\qoobox\Quarantine\catchme2007-11-14_154420.03.zip ZIP: infected - 1 skipped
D:\qoobox\Quarantine\D\WINDOWS\system32\ejdnhlyp.dll.vir Infected: Trojan.Win32.BHO.re skipped
D:\qoobox\Quarantine\D\WINDOWS\system32\gfuscchr.dll.vir Infected: Trojan.Win32.BHO.rg skipped
D:\qoobox\Quarantine\D\WINDOWS\system32\hjwystnp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bif skipped
D:\qoobox\Quarantine\D\WINDOWS\system32\rwnporur.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.i skipped
D:\qoobox\Quarantine\D\WINDOWS\system32\tumfjxle.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.i skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{34BC7681-253C-49E2-8ACD-4D1DE516225A}\RP203\change.log Object is locked skipped
D:\VundoFix Backups\iifeddd.dll.bad Object is locked skipped
D:\VundoFix Backups\rjnxucas.dll.bad Object is locked skipped
D:\VundoFix Backups\xxywwus.dll.bad Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\system32\awtqrsp.Vdll Object is locked skipped
D:\WINDOWS\system32\byxyvts.V00dll Object is locked skipped
D:\WINDOWS\system32\byxyvts.V01dll Object is locked skipped
D:\WINDOWS\system32\byxyvts.Vdll Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\default Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\software Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\system Object is locked skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
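A triage pass over scanner output like the report above, as an added example that is not part of the thread: it parses Kaspersky Online Scanner result lines and separates detections sitting in earlier cleanup tools' quarantine folders (Avenger backup, NOD32 infected folder, ComboFix's qoobox, VundoFix backups, Dr.Web quarantine) from detections outside them, and lists locked files sitting directly in the root of system32. The sample lines are constructed in the report's format; the quarantine-path list and the system32 heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the Kaspersky Online Scanner report
# (path, verdict, action); the user name is a placeholder.
SAMPLE_REPORT = r"""
D:\avenger\backup.zip/avenger/wuauclt.exe Infected: Trojan-Downloader.Win32.Delf.che skipped
D:\avenger\backup.zip ZIP: infected - 1 skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\User\Local Settings\Temp\rasesnet.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bxh skipped
D:\Program Files\Eset\infected\E4HWG1BA.NQF Infected: Trojan-PSW.Win32.WOW.zf skipped
D:\qoobox\Quarantine\D\WINDOWS\system32\ejdnhlyp.dll.vir Infected: Trojan.Win32.BHO.re skipped
D:\VundoFix Backups\iifeddd.dll.bad Object is locked skipped
D:\WINDOWS\system32\byxyvts.Vdll Object is locked skipped
"""

# Quarantine/backup locations of earlier cleanup tools (assumption of this
# example; compared case-insensitively against the lower-cased path).
QUARANTINE_PREFIXES = (
    "d:\\avenger\\backup.zip",
    "d:\\program files\\eset\\infected\\",
    "d:\\qoobox\\quarantine\\",
    "d:\\vundofix backups\\",
)
QUARANTINE_MARKERS = ("\\doctorweb\\quarantine\\",)

# One result line: <path> <verdict> <action>. The verdict is one of
# "Infected: <name>", "Object is locked", or a container summary such as
# "ZIP: infected - 2" / "PE-Crypt.XorPE: infected - 1".
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<container>[\w.\-]+): infected - (?P<count>\d+)) "
    r"(?P<action>\S+)$"
)


@dataclass
class Triage:
    active: list = field(default_factory=list)       # (path, detection name)
    quarantined: list = field(default_factory=list)  # (path, detection name)
    locked: list = field(default_factory=list)       # paths the scanner could not open
    container_summaries: list = field(default_factory=list)  # (path, type, count)
    unparsed: list = field(default_factory=list)


def is_quarantined(path: str) -> bool:
    p = path.lower()
    return p.startswith(QUARANTINE_PREFIXES) or any(m in p for m in QUARANTINE_MARKERS)


def triage(report_text: str) -> Triage:
    t = Triage()
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            t.unparsed.append(line)
            continue
        path = m.group("path")
        if m.group("locked"):
            t.locked.append(path)
        elif m.group("container"):
            # Summary line for an archive whose members were already listed.
            t.container_summaries.append((path, m.group("container"), int(m.group("count"))))
        elif is_quarantined(path):
            t.quarantined.append((path, m.group("name")))
        else:
            t.active.append((path, m.group("name")))
    return t


def locked_in_system32_root(t: Triage) -> list:
    """Locked objects directly in \\WINDOWS\\system32 (not in a sub-folder).

    Heuristic of this example: files legitimately locked there usually live
    under config\\, wbem\\ or drivers\\; a randomly named locked file in the
    root is worth a closer look.
    """
    marker = "\\windows\\system32\\"
    out = []
    for p in t.locked:
        low = p.lower()
        i = low.find(marker)
        if i != -1 and "\\" not in low[i + len(marker):]:
            out.append(p)
    return out


def summary(t: Triage) -> dict:
    return {
        "active": len(t.active),
        "quarantined": len(t.quarantined),
        "locked": len(t.locked),
        "container_summaries": len(t.container_summaries),
        "unparsed": len(t.unparsed),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(summary(result))
    for path, name in result.active:
        print("ACTIVE    ", name, path)
    for path in locked_in_system32_root(result):
        print("LOCKED/s32", path)
```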

little eagle
2008-01-24, 13:17
Let's try running combofix.exe.
Download it from one of the links below.
Note: it is important that it is saved directly to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.

Note: do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Leprkon
2008-01-24, 22:47
The text is too long by 20000 characters. Would you like me to upload it and post a link?

little eagle
2008-01-24, 23:05
Yes that would be nice. :bigthumb:

Leprkon
2008-01-24, 23:26
And here you go ^_^

http://rapidshare.com/files/86350898/log.txt.html

little eagle
2008-01-25, 04:29
Download The Avenger (http://swandog46.geekstogo.com/avenger.zip) Copyright © Swandog46
You must extract avenger.exe to your desktop, before you run it.
The Avenger must be run from a user account with administrator privileges,
and ONLY works on Windows 2000 and XP, and only on 32-bit versions!

Copy all the text contained in the code box below to your Clipboard.

Files to delete:
D:\WINDOWS\system32\byxyvts.V00dll
D:\WINDOWS\system32\byxyvts.V01dll
D:\WINDOWS\system32\byxyvts.Vdll


The above script is for this user only, if you need help please start your own thread.

Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text into this window.
Click Done, then click on the Green Light.
Answer "Yes" twice when prompted.
Your computer should reboot and briefly open a black command window on your desktop; this is normal.

After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt
Paste the contents of the file into your reply along with a fresh HJT log.

Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.

I would like to see a copy of the file in bold. Upload it here (http://forums.security-central.us/showthread.php?t=270)
or email it.

Please include a link to this thread.

Leprkon
2008-01-25, 06:19
And here is your requested information, sir.

Avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ieanewey

*******************

Script file located at: \??\D:\WINDOWS\system32\icw^ubuq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:



File D:\WINDOWS\system32\byxyvts.V00dll not found!
Deletion of file D:\WINDOWS\system32\byxyvts.V00dll failed!

Could not process line:
D:\WINDOWS\system32\byxyvts.V00dll
Status: 0xc0000034



File D:\WINDOWS\system32\byxyvts.V01dll not found!
Deletion of file D:\WINDOWS\system32\byxyvts.V01dll failed!

Could not process line:
D:\WINDOWS\system32\byxyvts.V01dll
Status: 0xc0000034



File D:\WINDOWS\system32\byxyvts.Vdll not found!
Deletion of file D:\WINDOWS\system32\byxyvts.Vdll failed!

Could not process line:
D:\WINDOWS\system32\byxyvts.Vdll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:03 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\XWatDog.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Logitech\Video\LogiTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\LVComS.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\skanneri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - D:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - D:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [XGIWatchDog] XWatDog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - D:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - D:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7443 bytes

little eagle
2008-01-25, 12:49
Close all programs leaving only HijackThis running. Place a check against each of the following,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_...iew22RTEv4.cab
Click on Fix Checked when finished and exit HijackThis.

----------------------------------

Please go HERE (http://www.pandasoftware.com/products/activescan.htm) to run Panda's ActiveScan

* You need to use IE to run this scan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
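The fix instructions above come down to reading HijackThis entries and spotting the ones that need a second look: a BHO whose file is gone ("(no file)") and an ActiveX control pulled in from a web address. As an added example (it is not part of little eagle's post, nor HijackThis's own code), here is a small Python parser for the O2/O3/O4/O16/O23 line formats seen in the logs in this thread, with the two checks from the post plus one more defender-side heuristic (a Run entry that names a bare executable with no path). The sample lines are constructed from entries in this thread's logs; the flag wording is my own, not HijackThis output.

```python
"""Parse HijackThis-style log lines into records and flag entries worth reviewing."""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines in the format posted above (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
"""


@dataclass
class Entry:
    section: str                 # HijackThis section code: "O2", "O4", "O16", "O23", ...
    name: str                    # display name, Run value name, or control description
    target: str                  # file path, command line, or download URL
    clsid: str = ""              # {GUID} for O2/O3/O16 entries
    company: str = ""            # publisher string for O23 service entries
    flags: list = field(default_factory=list)


_HEAD = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")
_PATTERNS = {
    "O2":  re.compile(r"^BHO:\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[^}]+\})\s+-\s+(?P<target>.*)$"),
    "O3":  re.compile(r"^Toolbar:\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[^}]+\})\s+-\s+(?P<target>.*)$"),
    # Two O4 shapes: "HKLM\..\Run: [Name] command" and "Global Startup: X.lnk = path"
    "O4":  re.compile(r"^(?P<where>.*?):\s*(?:\[(?P<name>[^\]]*)\]\s*(?P<target>.*)"
                      r"|(?P<lnk>.*?)\s*=\s*(?P<lnktarget>.*))$"),
    "O16": re.compile(r"^DPF:\s*(?P<clsid>\{[^}]+\})\s*\((?P<name>.*?)\)\s+-\s+(?P<target>.*)$"),
    "O23": re.compile(r"^Service:\s*(?P<name>.*?)\s+-\s+(?P<company>.*?)\s+-\s+(?P<target>.*)$"),
}


def parse_hjt(text):
    """Turn log text into Entry records; lines that are not section entries are skipped."""
    entries = []
    for raw in text.strip().splitlines():
        head = _HEAD.match(raw.strip())
        if not head:
            continue                          # header lines, "Running processes" paths, etc.
        section, rest = head.groups()
        pat = _PATTERNS.get(section)
        m = pat.match(rest) if pat else None
        if not m:
            entries.append(Entry(section, "", rest))   # keep sections we do not parse
            continue
        g = m.groupdict()
        name = g.get("name") or g.get("lnk") or ""
        target = g.get("target") or g.get("lnktarget") or ""
        entries.append(Entry(section, name.strip(), target.strip(),
                             g.get("clsid") or "", g.get("company") or ""))
    return entries


def flag_entries(entries):
    """Attach review flags and return only the entries that got one."""
    for e in entries:
        first = e.target.split()[0].strip('"') if e.target else ""
        if e.target == "(no file)":
            e.flags.append("orphaned registration: the referenced file no longer exists")
        elif e.section == "O4" and first and "\\" not in first:
            e.flags.append("unqualified executable name: resolved via the search path, "
                           "confirm where it actually lives")
        elif e.section == "O16" and e.target.lower().startswith("http"):
            e.flags.append("ActiveX control fetched from the web: confirm it is still wanted")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flag_entries(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section:<4} {e.name:<24} {e.target}\n      -> {e.flags[0]}")
```

On the sample, the three flagged entries are the "(no name)" BHO with no file, the `RegServer` Run value (a bare `regserve.exe` with no path), and the View22RTEv4 control downloaded from scenecaster.com. A flag is a prompt to look, not a verdict: the Java and NOD32 entries with full paths pass through untouched.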

Leprkon
2008-01-26, 06:13
I noticed that a lot of the infections found were from drive C:. When it was initially infected...way back when, I installed a new OS on another partition (D:, which is what I am using now), because I had a lot of data (media/pictures) on C: and I didn't want to back it up.


ActiveScan Report

The file was too long, so here is the upload.

http://rapidshare.com/files/86679139/Activescan.txt.html

little eagle
2008-01-29, 13:53
Download and run - ATF Cleaner instructions here. (http://forums.security-central.us/showthread.php?t=1925)

-------------------------

Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.

Leprkon
2008-02-02, 01:47
Here you go bud. :bigthumb:


HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:37 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\XWatDog.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Logitech\Video\LogiTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\LVComS.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Eset\nod32.exe
D:\Program Files\Trend Micro\HijackThis\skanneri.exe
D:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - D:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - D:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [XGIWatchDog] XWatDog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - D:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - D:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - D:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7811 bytes

Leprkon
2008-02-02, 02:04
Oh crud, I forgot to tell you how my computer was running at the moment.

As I explained in my first post, my computer will stop responding and my monitor will go blank after I run certain programs or access certain sites that use Java.
My computer is also picking up viruses, but not when my program is scanning, but when I am using other programs to scan (for example, when I was scanning my computer with Panda ActiveScan, my virus scanner went haywire and would pop up with warnings every other minute).

little eagle
2008-02-02, 05:11
Be sure to keep Sun Java updated. The new version is 6.0.
In Add/Remove programs click on these and press *remove* if listed:
Viewpoint
J2SE Runtime Environment 5.0 - 97.99Mb
J2SE Runtime Environment 5.0 Update 2 - 143.00Mb
J2SE Runtime Environment 5.0 Update 4 - 144.00Mb
J2SE Runtime Environment 5.0 Update 5 - 151.00Mb
Java 2 Runtime Environment, SE v1.4.2_04 - 130.00Mb
Or any other outdated J2SE
It is important to remove older versions as these are the ones with the holes in them.
You will be surprised when you go to add/remove to see all of the versions sitting there.
Download Newest >>>> http://www.java.com/en/download/index.jsp
Once installed you can test to see that it is in fact installed >>>>
Sun Java Test (http://www.java.com/en/download/installed.jsp)

Other than that I'm not seeing much; let me know if the new version helps.
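The point of the list above is that every JRE except the newest is a leftover with known holes, and the Add/Remove Programs names are all you have to go on. As an added example (my code, not little eagle's instructions or anything from Sun), here is a Python routine that maps those display names to comparable version tuples and returns the one to keep and the ones to remove. The sample names are constructed from the list in the post; the entry "Java(TM) 6 Update 3" is an assumed display name for the 6.0_03 runtime seen in the logs.

```python
"""Rank installed JRE entries by version so the outdated ones can be removed."""
import re

# Constructed sample of Add/Remove Programs display names (the last one is assumed).
INSTALLED = [
    "Viewpoint Manager (Remove Only)",
    "J2SE Runtime Environment 5.0",
    "J2SE Runtime Environment 5.0 Update 2",
    "J2SE Runtime Environment 5.0 Update 4",
    "J2SE Runtime Environment 5.0 Update 5",
    "Java 2 Runtime Environment, SE v1.4.2_04",
    "Java(TM) 6 Update 3",
]

_JRE_NAME = re.compile(r"\bJ2SE\b|\bJava\b", re.I)
_DOTTED = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:_(\d+))?")   # 1.4.2_04 or 5.0
_UPDATE = re.compile(r"\bUpdate\s+(\d+)", re.I)                  # "Update 3"
_BARE = re.compile(r"\b(\d+)\b")                                 # "Java(TM) 6 ..."


def jre_version(display_name):
    """Map a JRE display name to a comparable (1, family, patch, update) tuple, or None."""
    if not _JRE_NAME.search(display_name):
        return None
    m = _UPDATE.search(display_name)
    update = int(m.group(1)) if m else 0
    m = _DOTTED.search(display_name)
    if m:
        a, b, c, d = m.groups()
        if d is not None:                       # "_04" suffix carries the update number
            update = int(d)
        if int(a) == 1:                         # "1.4.2_04" style: 1.<family>.<patch>
            return (1, int(b), int(c or 0), update)
        return (1, int(a), int(b), update)      # "5.0" style: family 5 means 1.5.0
    m = _BARE.search(display_name)
    if m:                                       # "Java(TM) 6 Update 3" style
        return (1, int(m.group(1)), 0, update)
    return None


def jres_to_remove(display_names):
    """Return (keep, remove): the newest JRE entry and every older one, in input order."""
    versioned = [(jre_version(n), n) for n in display_names]
    versioned = [(v, n) for v, n in versioned if v is not None]
    if not versioned:
        return None, []
    newest = max(versioned)[1]                  # highest version tuple wins
    return newest, [n for _, n in versioned if n != newest]


if __name__ == "__main__":
    keep, remove = jres_to_remove(INSTALLED)
    print("keep:  ", keep)
    for name in remove:
        print("remove:", name)
```

On a live XP box the same names sit under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` as `DisplayName` values, so the list can be read from the registry instead of typed in; the ranking logic does not change. The version tuple treats "5.0" and "1.5.0" as the same family, which is why the 1.4.2 entry sorts below every 5.0 update and all of them below 6.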

Leprkon
2008-02-06, 04:50
Sorry it took so long to reply, I have been busy with personal issues. It is strange, I went back and did another scan with 4 different scanners, and my computer came up clean, and the programs that would usually make my computer stall don't anymore. With Java, when the initial problem started, I had the latest version, and I guess installing the newer version fixed it. Well, this is the third time you guys have helped me out and I am thankful. *nods* :bigthumb:

little eagle
2008-02-06, 05:28
:crowned: Does this mean we can close this one?