Jsmtty

  1. Thanks Jean, I did all of this. Seems to be helping with the speed. And I'm happy you found no malware. I really appreciate your advice. I am still unable to delete the file for some reason. It's the strangest thing. Since it's not really malware...it's not the end of the world. It's just keeping me from removing an old user from the machine. In the Documents and Settings folder, there are several users. Each user has a + by their name...since their folder contains sub folders. But this one old user has no + by their name...indicating they have no sub-folders. But there IS one sub-folder...and it contains a sub-folder...etc... I've never seen this before. If you have any other suggestions, please share. If you're stumped too...well it's not the end of the world. Thanks again for all of your help.
  2. Ok...first of all...The "strange" file that I can't delete is keeping me from removing a user account on this machine. I can locate the file in Windows Explorer...I just can't "do" anything with it...including uploading it to virustotal.com. Does that describe the first problem a little better? Ok - the second thing is the speed. This machine just seems to be running abnormally slow. I ran ccleaner.

     Here is the ComboFix Log...You'll see more than me...but I do want to get rid of the Yahoo toolbar I see:

     Here is the HJT Log:

     Thanks again for your help.
  3. Hi Jean, The YacsMon program is from DeRamp. It was intentionally installed on this machine. I scanned it at virustotal.com anyway. It looked clean. The other file is acting like it doesn't even "exist". I can't even upload it at virustotal.com. Like it's not even there. Any other ideas? Thanks for your help !
  4. Hello, My machine is moving very slowly and has me a little worried. Especially when I start up IE. Also, I've also found a file I can't delete. Looks like this: C:\Documents and Settings\ShannonC\Local Settings\Temp\Temporary Internet Files\Content.IE5\4DAF8HUJ\activity;src=998766;met=1;v=1;pid=14258645... ...;ecn2=1;etm2=0;eid3=11;e[1].gif I'm not really sure how to proceed, so I figured I'd come ask the expert first. Thanks for any advice you can offer.

     Here is an mbam-log:

     Here is the Panda Scan log:

     Here is the HJT log:
  5. Hi Again, I downloaded and installed Spybot S&D on Friday. I'm comfortable enough with it, I think. I've done some minor registry editing on many of our machines at work and haven't destroyed anything yet ! But I see what you mean...I set off alarms and sirens by just changing my screensaver ! This thing is thorough. Windows is set to update automatically and I'll keep an eye on Java. I've downloaded a version of ZoneAlarm Firewall that I'll try this week. Thanks for your help through this! Your time and advice is much appreciated.
  6. Great Advice ! I'll do exactly as you suggested. And...Still no Popups here. Here is my HJT Log... Please let me know if you see anything else.
  7. The media player was previously uninstalled via add/remove programs. Combo Fix has been loaded and run. After a reboot, QooBox has been deleted. No PopUps Yet !!! Still holding my breath. I'll respond again later with an update. Thanks for helping me. Here is the Combofix Log: ComboFix 07-08-30.3 - "JeffS" 2007-09-07 4:40:35.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.517 [GMT -4:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\nvs2.inf C:\WINDOWS\system32\ujagcjrfuc.dat C:\WINDOWS\system32\ujagcjrfuc.exe C:\WINDOWS\system32\ujagcjrfuc_nav.dat C:\WINDOWS\system32\ujagcjrfuc_navps.dat ((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 ))))))))))))))))))))))))))))))) 2007-09-07 04:38 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-09-06 18:09 4,534 --a------ C:\WINDOWS\system32\tmp.reg 2007-09-06 18:07 <DIR> d-------- C:\SmitFraudFix 2007-09-06 16:56 <DIR> d-------- C:\HiJackThis 2007-09-06 00:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-09-06 00:20 <DIR> d-------- C:\Program Files\Trend Micro 2007-09-05 18:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-09-04 15:08 <DIR> d-------- C:\Program Files\Lavasoft 2007-09-04 15:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-09-04 15:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-09-04 14:39 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-09-01 12:00 <DIR> d-------- C:\DOCUME~1\JeffS\APPLIC~1\TVU Networks 2007-08-14 11:59 <DIR> d-------- C:\Program Files\BlueTooth 2007-08-14 11:55 <DIR> d-------- C:\Program Files\Toshiba 2007-08-14 11:48 86,867 -ra------ C:\WINDOWS\system32\drivers\BCOREUSB.sys 2007-08-12 20:30 <DIR> d-------- C:\Program Files\iTunes 2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-08-07 13:56 9,344 --a------ 
C:\WINDOWS\system32\drivers\NSDriver.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-09-06 14:29 --------- d-------- C:\Program Files\Mozilla Thunderbird 2007-09-06 14:28 --------- d-------- C:\Program Files\321Studios 2007-09-06 14:26 --------- d-------- C:\Program Files\MUSICMATCH 2007-09-06 14:24 --------- d-------- C:\Program Files\Common Files\Real 2007-09-05 23:08 --------- d-------- C:\Program Files\Windows Defender 2007-09-05 23:06 --------- d-------- C:\Program Files\NavNT 2007-09-05 23:02 --------- d-------- C:\Program Files\MailFrontier 2007-09-05 23:00 --------- d-------- C:\Program Files\Google 2007-09-05 23:00 --------- d-------- C:\Program Files\Digital Line Detect 2007-09-05 23:00 --------- d-------- C:\Program Files\DellSupport 2007-09-05 22:54 --------- d-------- C:\Program Files\Apoint 2007-09-05 14:08 73 --a------ C:\WINDOWS\system32\ssprs.dll 2007-09-05 13:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint 2007-08-26 21:15 100 --a------ C:\WINDOWS\system32\prsgrc.dll 2007-08-26 15:36 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\SopCast 2007-08-26 15:34 --------- d-------- C:\Program Files\SopCast 2007-08-12 20:30 --------- d-------- C:\Program Files\iPod 2007-08-12 20:28 --------- d-------- C:\Program Files\Apple Software Update 2007-08-05 18:02 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\Purple Ghost Software, Inc 2007-08-05 18:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Purple Ghost Software, Inc 2007-08-05 18:01 --------- d-------- C:\Program Files\Purple Ghost 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ 
C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-17 16:51 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\DDMS 2007-07-16 12:12 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-07-16 12:12 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\InstallShield 2007-07-16 12:10 --------- d-------- C:\Program Files\DDMS 2007-07-13 12:19 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\AdobeUM 2007-07-12 19:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-07-12 16:30 --------- d-------- C:\DOCUME~1\JeffS\APPLIC~1\Apple Computer 2007-07-12 10:18 --------- d-------- C:\Program Files\Common Files\Apple 2007-07-12 10:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple 2007-07-12 10:13 --------- d-------- C:\Program Files\QuickTime 2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-06-27 10:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 10:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 10:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 10:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 10:34 477696 --a------ 
C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 10:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 10:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 10:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 10:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 10:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 10:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 10:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 10:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 10:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 10:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 10:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 10:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 10:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 10:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 10:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 04:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 04:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 04:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 03:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll 2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll 2007-06-15 17:08 126 --a------ C:\WINDOWS\gzcdweb.bat 2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe 2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points 
)))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 22:00] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 12:26] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 00:55] "HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 00:55] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38] "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-08 00:55] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 C:\WINDOWS\KHALMNPR.Exe] "vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 08:59] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20] "ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 17:50] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25] "SunJavaUpdateSched"="C:\Program 
Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24] "Matador"="C:\PROGRA~1\MAILFR~1\mantispm.exe" [2006-01-20 11:44] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2002-02-15 10:51 24638 C:\WINDOWS\system32\PCANotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER R3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44c29030-4fec-11dc-8fa0-0010c69d1c00}] AutoRun\command- E:\setupSNK.exe *Newly Created Service* - CATCHME Contents of the 'Scheduled Tasks' folder 2007-09-06 03:56:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program 
Files\Apple Software Update\SoftwareUpdate.exe 2007-08-06 04:13:28 C:\WINDOWS\Tasks\cleanmgr.job - C:\WINDOWS\system32\cleanmgr.exe 2007-06-05 13:10:25 C:\WINDOWS\Tasks\Defrag.job - C:\WINDOWS\system32\dfrg.msc 2007-09-07 05:40:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe 2007-09-07 06:34:12 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-07 04:44:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-09-07 4:46:11 C:\ComboFix-quarantined-files.txt ... 2007-09-07 04:45 --- E O F ---
  8. Also, FWIW... I just "KNOW" the exact time and place this problem began... And when I look in my C:\Windows folder, the following .log files are present at that exact time on that exact date. I'll attach a picture in .pdf. Thanks Again!! C_Windows_1.pdf
  9. Hi and thanks for your response. I'm still getting the popups - but here's what I did: First, I deleted the C:\WINDOWS\Temp\NSIS_Install_WMP.exe[WebMediaPlayer.exe file from my machine. Here is the 1st SmitFraudFix Report run before rebooting in Safe Mode:

     SmitFraudFix v2.221
     Scan done at 18:09:05.26, Thu 09/06/2007
     Run from C:\SmitFraudFix\SmitfraudFix
     OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
     The filesystem type is NTFS
     Fix run in normal mode
  10. A little more info here...Hopefully this helps: We mistakenly downloaded a program called "Web Media Player" on Saturday 09/01/07. This is also when the problems began. I'm 99% sure that this is the root of the problem. Also wanted to share this... I see some very strange .log files in my C:\Windows folder that were all added/modified on 09/01/07. I'll paste a couple of examples here...just in case that helps. Here is part of a file called netfxocm.log: Here is part of a file called msgsocm.log:
  11. Hi, I've been browsing here for quite some time. I'm having a similar problem with popups. I would appreciate any help you can give ! Here is my HJT log and Panda Scan log: Logfile of HijackThis v1.99.1 Scan saved at 11:34:51 PM, on 9/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\WINDOWS\system32\MsgSys.EXE C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\YacsMon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\All Users\Desktop\My Downloads\AVG\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\MAILFR~1\mantispm.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: YacsMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe
O9 - Extra 'Tools' menuitem: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\system32\cachepal.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installshield.com/install/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...ab?112916630512 5
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat....cab?1177621409 953
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = robyco.com
O17 - HKLM\Software\..\Telephony: DomainName = robyco.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{53D0049E-F1EA-42EC-A153-8678F2D3A74A}: NameServer = 65.17.128.7,65.17.128.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2975A30-2DE3-41D0-90D1-BE186F844043}: NameServer = 65.17.128.7,65.17.128.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = robyco.com
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: WLANKEEPER - Intel