Thread: IE Closes & Products keep being checked to ignore in scan and slow

  1. #1
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54

    IE Closes & Products keep being checked to ignore in scan and slow

    Hi,

    I have 3 computer quirks that have slowly come up in the last 4-6 weeks.
    They are:
    * Computer is extremely SLOW to start up and shut down.
    * Sporadically, there are delayed responses to my actions (clicking, typing, etc.). It can be when I am typing into the search box, preparing a post or closing a window.
    * Approx 1 - 2 minutes after opening IE, it suddenly closes. After I reopen IE, it runs great... Strangely, IE only closes on the initial IE opening.

    Both Ad-Aware SE Personal Build 1.06r1 and Spybot-S&D 1.4 were run & cleaned if any found.

    I have a few questions about my Spybot S&D 1.4 settings...
    There are a few ignore-product check marks that I DID NOT check...
    I uncheck them, but next time they are checked again:
    CDilla PUPS
    CDilla Revision sbi
    SideStep PUPS

    I don't understand why I can't keep them unchecked, and what are they?

    I would like advice on where to proceed since these problems remain.

    Thank you so kindly for any & all assistance.
    J-escalader72


    ___________________________________

    Here is my Spybot S&D log
    --- Search result list ---
    --- System information ---
    Windows XP (Build: 2600) Service Pack 1
    / DataAccess: Microsoft Data Access Components KB870669
    / DataAccess: Security update for Microsoft Data Access Components
    / DataAccess: Security Update for Microsoft Data Access Components
    / DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
    / Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
    / Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
    / Windows Media Player: Windows Media Update 817787
    / Windows Media Player: Windows Media Update 819639
    / Windows Media Player: Windows Media Update 828026
    / Windows XP / SP0: Windows Media Player Hotfix [See KB837272 for more information]
    / Windows XP / SP1: Windows XP Service Pack 1a
    / Windows XP / SP2: Windows XP Hotfix - KB810217
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See KB810243 for more information]
    / Windows XP / SP2: Windows XP Hotfix - KB820291
    / Windows XP / SP2: Windows XP Hotfix - KB821253
    / Windows XP / SP2: Windows XP Hotfix - KB821557
    / Windows XP / SP2: Windows XP Hotfix - KB822603
    / Windows XP / SP2: Windows XP Hotfix - KB823182
    / Windows XP / SP2: Windows XP Hotfix - KB823559
    / Windows XP / SP2: Windows XP Hotfix - KB824105
    / Windows XP / SP2: Windows XP Hotfix - KB824141
    / Windows XP / SP2: Windows XP Hotfix - KB824146
    / Windows XP / SP2: Windows XP Hotfix - KB825119
    / Windows XP / SP2: Windows XP Hotfix - KB828028
    / Windows XP / SP2: Windows XP Hotfix - KB828035
    / Windows XP / SP2: Windows XP Hotfix - KB828741
    / Windows XP / SP2: Windows XP Hotfix - KB833998
    / Windows XP / SP2: Windows XP Hotfix - KB835409
    / Windows XP / SP2: Windows XP Hotfix - KB835732
    / Windows XP / SP2: Windows XP Hotfix - KB837001
    / Windows XP / SP2: Windows XP Hotfix - KB839645
    / Windows XP / SP2: Windows XP Hotfix - KB840315
    / Windows XP / SP2: Windows XP Hotfix - KB840374
    / Windows XP / SP2: Windows XP Hotfix - KB841873
    / Windows XP / SP2: Windows XP Hotfix - KB842773
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q322011
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q327979
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q328310
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329048 for more information]
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q329170
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329390 for more information]
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q329441
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329834 for more information]
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q810565
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q810577
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q810833
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q811493
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q811630
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q814033
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q814995
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q815021
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q817287
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q817606
    / Windows XP / SP2: Windows XP Hotfix (SP2) Q819696
    / Windows XP / SP3: Windows XP Hotfix - KB885626
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)


    --- Startup entries list ---
    Located: HK_LM:Run, _AntiSpyware
    command: C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    file: C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    size: 114688
    MD5: e75d193fc5f228b11e2c7b115320ef34

    Located: HK_LM:Run, blpgvyqlphz
    command: C:\WINDOWS\System32\tpttvtx.exe
    file:

    Located: HK_LM:Run, dla
    command: C:\WINDOWS\system32\dla\tfswctrl.exe
    file: C:\WINDOWS\system32\dla\tfswctrl.exe
    size: 106549
    MD5: 6d21f9202a24b36e7cb10e8ed9f9de37

    Located: HK_LM:Run, MCUpdateExe
    command: C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    file: C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    size: 25600
    MD5: b1babd95db16dfea7cd7206169b71cbb

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    file: C:\WINDOWS\system32\RUNDLL32.EXE
    size: 31744
    MD5: 0fb22dd37c17f80ad71316049f725170

    Located: HK_LM:Run, SunJavaUpdateSched
    command: C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    file: C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    size: 25600
    MD5: b1babd95db16dfea7cd7206169b71cbb

    Located: HK_LM:Run, ViewMgr
    command: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    file: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    size: 25600
    MD5: b1babd95db16dfea7cd7206169b71cbb

    Located: HK_LM:Run, HP Software Update (DISABLED)
    command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    size: 25600
    MD5: b1babd95db16dfea7cd7206169b71cbb

    Located: HK_LM:Run, MCAgentExe (DISABLED)
    command: c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    file: c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    size: 25600
    MD5: b1babd95db16dfea7cd7206169b71cbb

    Located: HK_LM:Run, Microsoft Works Portfolio (DISABLED)
    command: C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    file:

    Located: HK_LM:Run, Microsoft Works Update Detection (DISABLED)
    command: C:\Program Files\Microsoft Works\WkDetect.exe
    file: C:\Program Files\Microsoft Works\WkDetect.exe
    size: 28739
    MD5: 3141750fad211c6dadf7c2dc2ec74da8

    Located: HK_LM:Run, nwiz (DISABLED)
    command: nwiz.exe /install
    file: C:\WINDOWS\system32\nwiz.exe
    size: 364544
    MD5: fa537c72dc6d4f74b3d8a87f7cfbb6ac

    Located: HK_LM:Run, Share-to-Web Namespace Daemon (DISABLED)
    command: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    file: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    size: 69632
    MD5: d5bc63d2822b8e244e53d2ff8078cc6b

    Located: HK_LM:Run, Show missed alarms (DISABLED)
    command: C:\Program Files\Alarm\Alarm.exe
    file: C:\Program Files\Alarm\Alarm.exe
    size: 225704
    MD5: 03166938b9183861a323cc79469feafa

    Located: HK_LM:Run, TkBellExe (DISABLED)
    command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    size: 25600
    MD5: b1babd95db16dfea7cd7206169b71cbb

    Located: HK_LM:Run, VirusScan Online (DISABLED)
    command: "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    file: c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    size: 163840
    MD5: 3fe1e841ed8483f7a75a1e86f6fc2216

    Located: HK_LM:Run, VSOCheckTask (DISABLED)
    command: "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    file: c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    size: 122880
    MD5: 90cf41e5d4e8d3a88d8630da5c3b7a3a

    Located: HK_LM:Run, WildTangent CDA (DISABLED)
    command: RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    file: C:\WINDOWS\system32\RUNDLL32.exe
    size: 31744
    MD5: 0fb22dd37c17f80ad71316049f725170

    Located: HK_LM:Run, WinTools (DISABLED)
    command: C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    file:

    Located: HK_LM:Run, WorksFUD (DISABLED)
    command: C:\Program Files\Microsoft Works\wkfud.exe
    file: C:\Program Files\Microsoft Works\wkfud.exe
    size: 24576
    MD5: 9d05d00e8631b7874d164d6dedd6d801

    Located: HK_CU:Run, Weather (DISABLED)
    command: C:\Program Files\AWS\WeatherBug\Weather.exe 1
    file:

    Located: HK_CU:Run, Yahoo! Pager (DISABLED)
    command: "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    file:

    Located: Startup (common), Google Updater.lnk (DISABLED)
    command: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    file: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    size: 114616
    MD5: f6a23759e3ad31c8537244f4e7b28f1d

    Located: Startup (common), ymetray.lnk (DISABLED)
    command: C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    file: C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    size: 49152
    MD5: 92200938d2a67a41b334b2dcaf55e674

    Located: Startup (disabled), Adobe Reader Speed Launch.lnk (DISABLED)
    command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
    file:

    Located: Startup (disabled), Alarm Clock Icon.lnk (DISABLED)
    command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Alarm Clock Icon.lnk.disabled
    file:

    Located: Startup (disabled), America Online 7.0 Tray Icon (DISABLED)
    command: C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check
    file: C:\PROGRA~1\AMERIC~1.0\aoltray.exe
    size: 32839
    MD5: 383f838bcc2b44152b5e2f5046d3108a

    Located: Startup (disabled), Enable Labtec Wireless Desktop (DISABLED)
    command: C:\PROGRA~1\LABTEC~1\MagicKey.exe
    file: C:\PROGRA~1\LABTEC~1\MagicKey.exe
    size: 258048
    MD5: 16cdc77415303f87fd617c5aaf9348c7

    Located: Startup (disabled), Microsoft Office (DISABLED)
    command: C:\PROGRA~1\MICROS~4\Office\OSA9.EXE -b -l
    file: C:\PROGRA~1\MICROS~4\Office\OSA9.EXE
    size: 65588
    MD5: ffdc3bcba32d5947cb628086193eba19

    Located: Startup (disabled), Microsoft Works Calendar Reminders (DISABLED)
    command: C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
    file: C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
    size: 24633
    MD5: 7084b58a098d2f83b304832251a8c6a8

    Located: Startup (disabled), msoffice (DISABLED)
    command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msoffice.exe
    file:

    Located: System.ini, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: System.ini, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: System.ini, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: System.ini, igfxcui
    command: igfxsrvc.dll
    file: igfxsrvc.dll

    Located: System.ini, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, Schedule
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: System.ini, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: System.ini, termsrv
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, WRNotifier
    command: WRLogonNTF.dll
    file: WRLogonNTF.dll
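    Added example, not part of this thread and not Spybot-S&D's own code: a small Python parser for the "Startup entries list" layout in the log above, plus a triage pass that lists which entries are still active, which ones the scanner could not resolve to a file (an empty "file:" line), and which distinct paths report the same MD5 so a reviewer can confirm them by hand. The sample input is constructed from a few blocks of that log; the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the Spybot-S&D log in post #1.
SAMPLE_LOG = r"""
--- Startup entries list ---
Located: HK_LM:Run, _AntiSpyware
command: C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
file: C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
size: 114688
MD5: e75d193fc5f228b11e2c7b115320ef34

Located: HK_LM:Run, blpgvyqlphz
command: C:\WINDOWS\System32\tpttvtx.exe
file:

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
size: 25600
MD5: b1babd95db16dfea7cd7206169b71cbb

Located: HK_LM:Run, ViewMgr
command: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
file: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
size: 25600
MD5: b1babd95db16dfea7cd7206169b71cbb

Located: HK_LM:Run, WinTools (DISABLED)
command: C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
file:

Located: HK_CU:Run, Weather (DISABLED)
command: C:\Program Files\AWS\WeatherBug\Weather.exe 1
file:
"""

# "Located: <hive or folder>, <entry name> [(DISABLED)]"
LOCATED_RE = re.compile(
    r"^Located:\s*(?P<where>[^,]+),\s*(?P<name>.*?)(?P<disabled>\s*\(DISABLED\))?$"
)


def parse_startup_list(text):
    """Turn the Located:/command:/file:/size:/MD5: blocks into dicts.

    An entry whose 'file:' line is empty keeps file == "" so callers can
    see that the scanner did not resolve the command to a file on disk.
    """
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---"):
            continue  # blank separators and the section header
        m = LOCATED_RE.match(line)
        if m:
            current = {
                "where": m.group("where").strip(),
                "name": m.group("name").strip(),
                "disabled": m.group("disabled") is not None,
                "command": "",
                "file": "",
                "size": None,
                "md5": "",
            }
            entries.append(current)
            continue
        if current is None:
            continue  # stray line before the first Located: block
        key, _, value = line.partition(":")  # split on the FIRST colon only,
        key, value = key.strip().lower(), value.strip()  # since paths hold "C:"
        if key == "size":
            current["size"] = int(value) if value.isdigit() else None
        elif key in ("command", "file", "md5"):
            current[key] = value
    return entries


def triage(entries):
    """Summarise what a helper reads off the list first.

    active:      entries that will still run (no DISABLED marker)
    unresolved:  entries whose command could not be matched to a file
    shared_md5:  one hash reported for more than one distinct path, which a
                 reviewer wants to confirm by hand rather than trust blindly
    """
    paths_by_md5 = defaultdict(set)
    for e in entries:
        if e["md5"]:
            paths_by_md5[e["md5"]].add(e["file"].lower())
    return {
        "active": [e["name"] for e in entries if not e["disabled"]],
        "unresolved": [e["name"] for e in entries if not e["file"]],
        "shared_md5": {h: sorted(p) for h, p in paths_by_md5.items() if len(p) > 1},
    }


if __name__ == "__main__":
    report = triage(parse_startup_list(SAMPLE_LOG))
    for section, items in report.items():
        print(f"{section}: {items}")
```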

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    Hi j-escalader72 and welcome to the Safer Networking Forums

    You got some infections there...

    Post a HijackThis log to here:
    • Please download HijackThis to your desktop -> HijackThis 1.99.1
    • Create a new folder named HijackThis on your desktop. Move HijackThis.exe into that folder.
    • Run HijackThis.exe
    • Click on Do a system scan and save a logfile
    • Wait for the scan to end, a logfile will popup in a notepad document
    • Please copy that log and paste it into your thread

    Then we'll continue
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  3. #3
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54


    Mr Jak,
    Thank you for the welcome and your quick response.
    Here is my HJT Log.
    Let me know what to do next.

    Take Care,
    J-escalader72
    _________________________________


    Logfile of HijackThis v1.99.1
    Scan saved at 8:44:59 PM, on 10/22/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\ie.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (disabled by BHODemon)
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (disabled by BHODemon)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [blpgvyqlphz] C:\WINDOWS\System32\tpttvtx.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - Global Startup: Google Updater.lnk.disabled
    O4 - Global Startup: ymetray.lnk.disabled
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll__BHODemonDisabled (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: http://usmilitary.about.com
    O15 - Trusted Zone: http://www.la.ngb.army.mil
    O15 - Trusted Zone: http://www.armyonesource.com
    O15 - Trusted Zone: http://home.bellsouth.net
    O15 - Trusted Zone: http://www.juno.com
    O15 - Trusted Zone: www.militaryonesource.com
    O15 - Trusted Zone: http://www.hotmail.msn.com
    O15 - Trusted Zone: groups.msn.com
    O15 - Trusted Zone: www.msnusers.com
    O15 - Trusted Zone: http://vil.nai.com
    O15 - Trusted Zone: *.nextel.com
    O15 - Trusted Zone: http://loginnet.passport.com
    O15 - Trusted Zone: http://*.subratam.org
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccom...ad/tgctlcm.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.3.1.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...29/mcfscan.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    Hi again

    One or more of the identified infections has backdoor capabilities.

    This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    When Should I Format, How Should I Reinstall

    However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
    Should you have any questions, please feel free to ask.

    Please let us know what you have decided to do in your next post

  5. #5
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54


    Thank you for the info.

    I am wondering when this happened... because lately, when I was updating my security stuff to the updated version, I noticed my McAfee had stopped showing as active in my lower toolbar... don't know where it went.

    I don't do any banking or financial transactions on the PC. I am currently changing all passwords. I guess I need to isolate and get rid of the bug.
    I'd like to inform you that I have various personal challenges due to a serious accident. As far as reformatting or redoing my puter, I would become too overwhelmed. My finances are very limited... I can follow most directions pretty well, but if too extensive I just shut down. Please advise my next step to get rid of the bug... If you would like, you can IM for quicker info.

    Thank you so very kindly for your assistance.
    J-escalader

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    Hi again and sorry for the delay, I've been busy.

    I'll be happy to help you with the cleaning process

    Some of McAfee's startup entries have been disabled; you should enable these again.

    Start -> Run -> type the following without quotes and hit Ok, "msconfig"
    Click on the "Startup" tab and checkmark all the following entries:

    MCAgentExe
    VirusScan Online
    VSOCheckTask

    Hit Apply and Ok, close the window.
    Reboot the computer, McAfee should be enabled now.

    Create a new folder named HijackThis on your desktop. Move HijackThis.exe into that folder.

    Please post an uninstall list here.
    • Start HijackThis
    • Click on the Config button
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.
    • Click on the Save list... button and specify where you would like to save this file.
    • When you press the Save button, a Notepad window will open with the contents of that file.
    • Simply copy and paste the contents of that notepad here on your next reply.

    Go to Start >Run and type "Notepad" without the quotes
    Copy the text from the quotebox to Notepad.
    Go to the menu at the top of the Notepad file and Save as:
    • Name the file peek.bat
    • Save as Type: All files
    • Select the desktop icon on the left to save it on the desktop.

    Double click on peek.bat and let it run.
    When finished it will open a file in Notepad.
    That file will be named startup.txt
    Please post the contents of startup.txt into your next reply here.

    rem Export the two registry keys where msconfig keeps the disabled startup items
    regedit /e peek1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
    regedit /e peek2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
    rem Combine both exports into startup.txt, overwriting any copy left by an earlier run
    type peek1.txt > startup.txt
    type peek2.txt >> startup.txt
    rem Remove the temporary exports and open the result
    del peek*.txt
    start notepad startup.txt
    Then we'll continue

  7. #7
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54


    Mr Jak,
    Thank you.....
    I am confused about what you really wanted me to do with the new Notepad stuff...

    I was unsure how long it would take to run peek.bat. (After waiting 10 min. I figured I had done something incorrect.) So I restarted the instructions again... it took me about an hour to figure out the instructions on what to do... and it only took a few seconds to give the peek.bat results, and I hope this is what you need.

    but here goes


    uninstall list

    Ad-Aware SE Personal
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Download Manager 1.2 (Remove Only)
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 7.0
    America Online
    AOL Coach Version 1.0(Build:20020605.1)
    AOL Instant Messenger
    ArcSoft Software Suite
    Belarc Advisor 6.0
    BellSouth FastAccess DSL WEB Controls
    BellSouth® Communications Suite
    BroadJump Client Foundation
    Calc98
    Creative WebCam Instant Driver (1.01.02.0729)
    Detto IntelliMover Demo
    DirectX 9 Hotfix - KB839643
    Disney's Lilo and Stitch Pinball
    DLA
    ewido security suite
    FileAlyzer 1.1i
    FoneSync
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    Hemera Products
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB910998)
    hp center
    hp deskjet 3320 series (Remove only)
    hp instant support
    HP Memories Disc
    HP Photo and Imaging 1.0 - Scanjet 3500c Series
    HP Photo and Imaging 1.1 - Photosmart Cameras
    HP Photo and Imaging 2.0 - Scanners
    HP Photosmart Essential
    HP Software Update
    hp toolkit
    ImageMixer
    Inactive HP Printer Drivers (Remove only)
    Intel(R) Extreme Graphics Driver
    Intel® Create & Share® Software
    InterActual Player
    Internet Explorer Q867801
    InterVideo WinDVD
    iPod Update 2004-04-28
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2_05
    JD Secure 3.1
    Juno 6
    Kaspersky On-line Scanner
    KBD
    Labtec Wireless Desktop
    Lernout & Hauspie TruVoice American English TTS Engine
    LimeWire 4.12.3
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Macromedia Flash MX 2004
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    MathPlayer
    McAfee AntiSpyware
    McAfee SecurityCenter
    McAfee VirusScan Professional
    Microsoft Chat 2.5
    Microsoft Data Access Components KB870669
    Microsoft Internet Explorer 5 PowerTweaks Web Accessory
    Microsoft Office Excel Viewer 2003
    Microsoft PowerPoint Viewer 97
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2000 SR-1
    Microsoft Works 2001 Setup Launcher
    Microsoft Works 6.0
    Microsoft Works Suite Add-in for Microsoft Word
    MicroStaff WINASPI
    Moffsoft FreeCalc
    Mozilla Firefox (1.5.0.7)
    MSN Add-in for Windows Messenger
    MSN Gaming Zone
    MSN Messenger 7.5
    MSN Toolbar
    MUSICMATCH Jukebox
    NVIDIA Windows 2000/XP Display Drivers
    Outlook Express Q823353
    PC-Doctor for Windows
    PigPen
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    Quicken Financial Center
    QuickTime
    RealPlayer
    RTC Client API v1.2
    SabreWing 2
    Snowboard Extreme
    Space Rocks
    Speedway
    Spy Sweeper
    Spybot - Search & Destroy 1.4
    Talking Alarm Clock
    Ultra WinCleaner One Click! Version 8.0
    upapp
    Virtual Warfare
    Westell Firmware Upgrade
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player Hotfix [See KB837272 for more information]
    Windows Media Player Hotfix [See wm828026 for more information]
    Windows XP Hotfix - KB810217
    Windows XP Hotfix - KB820291
    Windows XP Hotfix - KB821253
    Windows XP Hotfix - KB821557
    Windows XP Hotfix - KB822603
    Windows XP Hotfix - KB823182
    Windows XP Hotfix - KB823559
    Windows XP Hotfix - KB824105
    Windows XP Hotfix - KB824141
    Windows XP Hotfix - KB824146
    Windows XP Hotfix - KB825119
    Windows XP Hotfix - KB828028
    Windows XP Hotfix - KB828035
    Windows XP Hotfix - KB828741
    Windows XP Hotfix - KB833998
    Windows XP Hotfix - KB835409
    Windows XP Hotfix - KB835732
    Windows XP Hotfix - KB837001
    Windows XP Hotfix - KB839645
    Windows XP Hotfix - KB840315
    Windows XP Hotfix - KB840374
    Windows XP Hotfix - KB841873
    Windows XP Hotfix - KB842773
    Windows XP Hotfix - KB885626
    Windows XP Hotfix (SP2) [See Q329048 for more information]
    Windows XP Hotfix (SP2) [See Q329115 for more information]
    Windows XP Hotfix (SP2) [See Q329390 for more information]
    Windows XP Hotfix (SP2) [See Q329834 for more information]
    Windows XP Hotfix (SP2) Q322011
    Windows XP Hotfix (SP2) Q327979
    Windows XP Hotfix (SP2) Q328310
    Windows XP Hotfix (SP2) Q329170
    Windows XP Hotfix (SP2) Q329441
    Windows XP Hotfix (SP2) Q810565
    Windows XP Hotfix (SP2) Q810577
    Windows XP Hotfix (SP2) Q810833
    Windows XP Hotfix (SP2) Q811493
    Windows XP Hotfix (SP2) Q814033
    Windows XP Hotfix (SP2) Q814995
    Windows XP Hotfix (SP2) Q815021
    Windows XP Hotfix (SP2) Q817287
    Windows XP Hotfix (SP2) Q817606
    Windows XP Hotfix (SP2) Q819696
    WordPerfect Productivity Pack
    WordPerfect Productivity Pack
    Yahoo! Address AutoComplete
    Yahoo! extras
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar

    Startup list

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
